OPC UA Server Configuration
In the Engineering Environment, navigate to the Info > Settings tab and look for the OPC Server Runtime configuration. Select OPC UA and click Settings.
An OPC Server configuration dialog will open; it requires admin privileges. In the configuration manager, you can configure the Endpoint characteristics of the server, manage Client certificates, and create a certificate for the Server.
Endpoints
In this tab, you can define the Endpoints on which the OPC Server will be deployed, select the Security Policies, and enable or disable anonymous user login.
Clicking the Add or Edit button opens a popup in which you select the IP Address and Port number. It's also possible to bind the Endpoint to the IP of a specific network adapter available in the system. This adds some protection to your OPC Server, for example by making it unreachable from outside your network.
It is important to make sure the defined ports are not blocked by the OS firewall.
The OPC Server's user management is done by the project's Security Module. The existing Users and Runtime Users, and their associated passwords, can be used to allow client connection.
Client Certificates
In this tab, you can import Client Certificates and choose to Trust or Reject them.
The list will display all Clients Certificates that were imported and their current trust status.
Server Certificate
In this tab, you can view the details of the Server Certificate, export the file (so it can be imported and trusted by the OPC Client), and Reissue it.
When the Reissue option is selected, all existing trust relationships that depended on the Server Certificate will be invalidated.
Error: No available certificate supports the specified security profile: Parameter name: securityProfileUri.
This error occurs when the security parameters of the Server certificate do not match those used to generate the Client certificate. For example, with the Server certificate shown below, the error appears if any of its parameters are entered incorrectly when generating the Client certificate (we were able to reproduce the error in our lab).
Below, we will demonstrate the correct steps for using the OPC Server with security certificates:
1. Generate the OPCUA Server certificate.
2. Double-click the certificate and view the "Details" to verify the security type and the size of the Public Key (as shown in the previously displayed picture).
3. In "C:\ProgramData\WEGnologyEDGESuite", delete all the files. You can make a backup if desired. (If the 'certs' folder cannot be deleted because it is in use, just delete the files inside it.)
4. In WES, go to Devices > Nodes and select the desired URL.
5. In "Custom," configure the Application Name as "TRunModule." Set the Organization Name, Key Size, and Hash Algorithm according to the certificate identified in step 2, select the Server Certificate, and click OK. Add the Client Certificate that will appear, and choose where to save it in the folder "C:\ProgramData\WEGnologyEDGESuite."
6. Repeat step 5, but set the Application Name as "TManager."
7. On the OPCUA Server, import the two Client Certificates and mark them as trusted.
8. Click "Test" in WES, and you should see "Connected."
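The check in step 2 (key size and hash of the Server certificate) and the securityProfileUri error above come down to the Client certificate being generated with different parameters from the Server certificate. The following shell script is an added example, not part of the product or this documentation: it uses OpenSSL to generate self-signed OPC UA-style application instance certificates, reads back the key size and signature hash of any certificate, compares a Client certificate against the Server certificate, and prints the SHA-1 thumbprint that trust lists typically use (which is why a reissued Server certificate no longer matches existing trust entries). The application URI, organization name and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not the product's own tooling): OpenSSL helpers to generate
# OPC UA application instance certificates and to verify that a client
# certificate uses the same RSA key size and signature hash as the server's.
# Application names, URIs and organization are constructed placeholders.
set -eu

# make_cert <out-prefix> <rsa-bits> <hash> <application-name>
# Writes <prefix>.key and <prefix>.pem (self-signed, valid 1 year).
make_cert() {
    mc_prefix=$1; mc_bits=$2; mc_hash=$3; mc_app=$4
    mc_host=$(hostname 2>/dev/null || echo localhost)
    openssl req -x509 -newkey "rsa:$mc_bits" -"$mc_hash" -nodes -days 365 \
        -keyout "$mc_prefix.key" -out "$mc_prefix.pem" \
        -subj "/CN=$mc_app/O=ExampleOrg" \
        -addext "subjectAltName=URI:urn:$mc_host:$mc_app,DNS:$mc_host" \
        -addext "keyUsage=digitalSignature,keyEncipherment,dataEncipherment" \
        -addext "extendedKeyUsage=serverAuth,clientAuth" >/dev/null 2>&1
}

# cert_key_bits <cert.pem> -> prints the RSA modulus size, e.g. 2048
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# cert_sig_alg <cert.pem> -> prints e.g. sha256WithRSAEncryption
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Signature Algorithm: \([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# cert_thumbprint <cert.pem> -> SHA-1 fingerprint without colons; this is the
# value a trust list stores, so reissuing a certificate changes it.
cert_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/.*=//; s/://g'
}

# check_compat <server.pem> <client.pem> -> exit 0 when the client certificate
# matches the server certificate's key size and signature hash, 1 otherwise.
check_compat() {
    cc_sbits=$(cert_key_bits "$1"); cc_cbits=$(cert_key_bits "$2")
    cc_salg=$(cert_sig_alg "$1");   cc_calg=$(cert_sig_alg "$2")
    cc_ok=0
    if [ "$cc_sbits" != "$cc_cbits" ]; then
        echo "key size mismatch: server $cc_sbits bit, client $cc_cbits bit"
        cc_ok=1
    fi
    if [ "$cc_salg" != "$cc_calg" ]; then
        echo "hash mismatch: server $cc_salg, client $cc_calg"
        cc_ok=1
    fi
    [ "$cc_ok" -eq 0 ] && echo "client certificate parameters match the server"
    return "$cc_ok"
}

# demo: a server certificate, one matching client and one mismatching client.
demo() {
    d=$(mktemp -d)
    make_cert "$d/server" 2048 sha256 OPCServer
    make_cert "$d/TRunModule" 2048 sha256 TRunModule
    make_cert "$d/wrong" 4096 sha256 TRunModule
    echo "server: $(cert_key_bits "$d/server.pem") bit," \
         "$(cert_sig_alg "$d/server.pem"), thumbprint $(cert_thumbprint "$d/server.pem")"
    check_compat "$d/server.pem" "$d/TRunModule.pem"
    check_compat "$d/server.pem" "$d/wrong.pem" || true
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it as `sh opcua_certs.sh demo`. In a real deployment the Server certificate is the one produced by the OPC Server (or by the tool in step 1), so you would only run `cert_key_bits` and `cert_sig_alg` on it and feed those values into step 5; the script generates its own Server certificate merely so the comparison can be demonstrated offline. The `-addext` options require OpenSSL 1.1.1 or newer.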
Project Runtime
Once all the configurations are done, you can launch the Project to test the communication exchange. Remember to have the OPC Server Module enabled in Run > Startup.
Open your OPC Client of choice (one that is trusted by the OPC Server) and connect to the Endpoint defined for it. If all your configuration was done correctly, you should see the following Folders in the Server Address Space:
- Tag: Contains the Project Tags with properties based on the Visibility (defined in Edit → Objects).
  - Public: Can be read and written from your OPC Client.
  - Protected: Can only be read.
  - Private: Will not be visible or browsable.
- Device: Information of the existing communication Nodes [Read-Only].
- Info: Contains the following subfolders:
  - License: Details on the current license applied to the Project Server [Read-Only].
  - Module: Details on every Module of the Product (Alarms, Scripts, Report, etc.) [Read-Only].
  - Project: Project information available at Info → Version [Read-Only].
  - ProjectSettings: Project information available at Info → Settings [Read-Only].
  - Server: Information available at the Server Namespace (ComputerIP, PrimaryIP, IsRedundancyEnabled, etc.) [Read-Only].
Troubleshoot
The status of the Server can be observed through the Diagnostic tools, which are:
- Trace Window: Enable the OPC Server and Debug checkboxes (in the settings menu) to view all information about this Module.
- Module Information: Here you should be able to see the following information:
  - State: Whether the Server is in the running, paused or stopped state.
  - Available Items: Number of variables in the Address Namespace.
  - Last Error: Last error message that occurred in the connection.
  - Last Error Timestamp: Timestamp of when the last error occurred.
  - OPC Clients Connected: Number of clients connected to the Server.
  - OPC Client: Individual information for each connected client (Name, Identity and Connection Time).