CODESYS - the IEC 61131-3 automation software
https://forum.codesys.com/

How to accept only comms with certificates in OPC-UA server
https://forum.codesys.com/viewtopic.php?f=17&t=9302
Page 1 of 1

Author:  garmenmikel [ Wed Nov 14, 2018 12:53 pm ]
Post subject:  How to accept only comms with certificates in OPC-UA server

Hello,

I would like to create a secure communication in OPC-UA between the server (Codesys) and the client (UaExpert). The OPC-UA server has been created in a Raspberry Pi after following the steps of the page https://help.codesys.com/webapp/_cds_ru ... n=3.5.13.0.

I created a certificate for the CODESYS OPC UA server, and then I configured an encrypted connection with the UaExpert client (Basic256Sha256 + Sign&Encrypt). Until here, everything has worked correctly.

But, I want the client, to be able to communicate with the server, have to use the certificate mandatorily.
In UaExpert, when I pulse Discovery and I add the direction of my OPC-UA server, it appears that I can access my OPC-UA server with three types of security:
None - None (uatcp-uasc-uabinary)
Basic256Sha256 - Sign (uatcp-uasc-uabinary)
Basic256Sha256 - Sign & Encrypt (uatcp-uasc-uabinary)

In the secure configuration Basic256Sha256 - Sign & Encrypt, I have to trust the client certificate in Codesys --> View --> Security Screen --> Devices. And I like it. But then, in UaExpert if I try to connect using None - None configuration, I can access to the server freely.

I would like to configure a secure configuration in the server, and when I Discovery the server in UaExpert, I want that I can only communicate using Basic256Sha256 - Sign & Encrypt. How can I do?

Thanks!

Page 1 of 1 All times are UTC+01:00
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/