How To: Securely use the OPC UA Server
If you use the OPC UA Server (which is included with CODESYS OPC UA in the standard installation of CODESYS) for the connection to the target device, then you should secure the communication.
Certificate-encrypted data exchange with the client in accordance with the OPC UA Standard (profile: Basic256SHA256). You can generate the certificate via CODESYS Security Agent. It is also possible to use a certificate for the client which is restricted to browsing only. Alternatively, the certificate could also be requested by default via the PLC Shell in the device editor.
For instructions on configuring and commissioning the OPC UA Server including certificate installation, see the following: OPC UA Server.
Security settings for the OPC UA Server. These can be changed in the device editor (Communication Settings tab, Device menu, Security settings command).
For instructions, see the following: Configuration and commissioning of the OPC UA Server
Use the permissions and user management of the controller. You can do this in the device editor on the Access Rights tab. There is also the option for anonymous access. To do this, change the runtime system security policy on the Communication Settings tab of the device editor.
For instructions, see the following: User management in OPC UA.
If data source objects are used to access PLC variables symbolically via the OPC UA Server, then you can define symbol sets which are accessible only to specific user groups. This is done using an IEC Symbol Publishing object.
For instructions, see the following: IEC Symbol Set Configuration.
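After applying the settings above, it is worth checking what the server actually offers to clients. The following is an added example, not part of the CODESYS documentation: it audits a list of endpoint descriptions for unencrypted, sign-only, deprecated-policy, or anonymous-login endpoints. The endpoint list, the host name plc.example and the dictionary field names are constructed for illustration; the security policy URIs use the OPC Foundation spelling (Basic256Sha256).

```python
# Added example: audit OPC UA endpoint descriptions against the hardening steps above.
# Field names and SAMPLE_ENDPOINTS are constructed; adapt them to your client library.
POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
DEPRECATED_POLICIES = {"Basic128Rsa15", "Basic256"}  # deprecated by the OPC Foundation


def audit_endpoint(ep, required_policy="Basic256Sha256"):
    """Return the list of findings for one endpoint description (empty = OK)."""
    findings = []
    policy = ep["security_policy_uri"].split("#")[-1]
    mode = ep["security_mode"]
    if policy == "None" or mode == "None":
        findings.append("no message security")
    else:
        if policy in DEPRECATED_POLICIES:
            findings.append("deprecated policy " + policy)
        elif policy != required_policy:
            findings.append("policy " + policy + " differs from " + required_policy)
        if mode == "Sign":
            findings.append("signed only, payload not encrypted")
    if "Anonymous" in ep["user_tokens"]:
        findings.append("anonymous login offered")
    return findings


def audit_server(endpoints):
    """Map 'policy/mode' to findings, keeping only endpoints that have findings."""
    report = {}
    for ep in endpoints:
        findings = audit_endpoint(ep)
        if findings:
            key = ep["security_policy_uri"].split("#")[-1] + "/" + ep["security_mode"]
            report[key] = findings
    return report


# Constructed sample: three endpoints as a server might advertise them.
SAMPLE_ENDPOINTS = [
    {"url": "opc.tcp://plc.example:4840", "security_policy_uri": POLICY_PREFIX + "None",
     "security_mode": "None", "user_tokens": ["Anonymous", "UserName"]},
    {"url": "opc.tcp://plc.example:4840", "security_policy_uri": POLICY_PREFIX + "Basic256Sha256",
     "security_mode": "SignAndEncrypt", "user_tokens": ["UserName"]},
    {"url": "opc.tcp://plc.example:4840", "security_policy_uri": POLICY_PREFIX + "Basic256Sha256",
     "security_mode": "Sign", "user_tokens": ["UserName", "Certificate"]},
]

if __name__ == "__main__":
    for key, findings in audit_server(SAMPLE_ENDPOINTS).items():
        print(key, "->", "; ".join(findings))
```

An empty report means every advertised endpoint uses the required policy with SignAndEncrypt and requires a user identity.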