Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

Application Server

Using OI Gateway to Configure the Client Security Certificate

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Using OI Gateway to Configure the Client Security Certificate

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedApr 18, 2022
  • 2 minute read

OI Gateway provides a convenient method for configuring security certification on the server and client OPC UA nodes.

To configure the security certificate through OI Gateway

  1. From the Start Menu on the run-time node, open the Operations Control Management Console (OCMC) (Start > AVEVA > Operations Control Management Console).

    OPCUA_NodeConfig

  2. In the console tree, navigate to the OI.GATEWAY.3 node under Operations Integration Supervisory Servers (1).

  3. Create an OPC UA connection.

  4. Configure OPC UA Server Details (2).

    • Server Node: Enter the machine name of the run-time node.

    • OPC UA Server: This is the URI (uniform resource identifier) for the OPC UA server (the run-time node). The address must be entered manually because it is not currently discoverable. Enter it in the format opc.tcp://<machine name>:<OPC UA port number>

      Use the OPC UA port number that you entered when configuring the AVEVA OPCUAService in the IDE (ArchestrA Services Configuration). The default port number is 48031.

  5. Enter the authorization and authentication credentials (3).

    You must match the authorization settings configured in the OPC UA server dialog. If the Require Security Authentication checkbox is checked, then you must select the following settings:

    • Security Policy: Basic256Sha256.

    • Security Message Mode: Sign and Encrypt.

    Similarly, you must match the Client Access Rules from the OPC UA Server configuration dialog. If the Allow authenticated Galaxy users checkbox is checked, enter the user name and password of a valid Galaxy user. These will be used to configure the OPC UA security certificate.

    Note: Galaxy security should already be configured.

  6. Click the Test button (4). The test will fail, but it will download the OPC UA certificate.

    IMPORTANT! The reason for this initial test failure is because the certificates between the client and server applications must be trusted. Installing the certificates will fix this.

  7. Go to the next section, Trusting the Certificate between the OPC UA Server and OPC UA Client.

Once the certificates are trusted, the OPC UA client configuration will need to be validated.

TitleResults for “How to create a CRG?”Also Available in