System Requirements

To use this feature, the following system requirements must be met.

  • KepServerEx V5 (or higher).
  • OPC UA Protocol



How to Use

The procedure for a successful OPC UA connection is divided into three main steps.

  • KepServerEx OPC UA Server Configuration
  • Creating certificates for Engineering and Runtime
  • Importing client certificates on OPC UA

KepServerEx Configuration

In the KepServerEx project properties, enable support for OPC UA. After changing the settings, use the “Reinitialize” command so that they are applied.


In the Server EndPoints tab, configure the endpoint parameters (network adapter, port number, and security policies) and copy the URL because it will be used later.

For the security policies configuration, you need to enable one (or both) of the following:

  • Basic256.
  • Basic128Rsa15.


On the Instance Certificates page, click the Export button and select a folder in which to save the OPC UA Server certificate.


Engineering and Runtime Configuration

In your Project, navigate to Devices > Channels and create a new OPC UA channel.


In Devices > Nodes, paste the OPC URL (copied from the previous section) in the PrimaryStation configuration popup. Fill in the remaining parameters accordingly.

For the Server Endpoint URL, you should NOT change from 127.0.0.1 to localhost. The Endpoint needs to be the same one used in the Server Instances Tab.

Then, click on the Certificates button to launch the UaClientConfigHelperNet4.exe tool. Make sure the file is launched with Administrator privileges.


The certificate tool can also be launched (with admin rights) from the product’s installation folder:

..\fs-9.1\UaClientConfigHelperNet4.exe


The steps to create a certificate are described below:

  • With the tool open, browse for the application (\fs-9.1\TManagerExe.exe).
  • Press Create UA Configuration, Edit UA Configuration, and press Certificates.
  • Press the Create Button.
  • Press “Server Certificates”, the “Import” button, and select the server certificate created by the Kepware application.
  • Press “Export”.
  • Press “OK”, and “Save and Close”.

The steps above are illustrated in the image below.


The same procedure must be repeated for the \fs-9.1\TRunModule.exe application.



Importing Client certificates and Testing Connection

Back at KepServerEx, import the two certificates created in the previous section. Go to the OPC UA Configuration Manager - Trusted Clients Tab.


Once the certificates have been trusted, we can test our connection. On the Project's Devices > Nodes page, open the PrimaryStation configuration popup and click the Test button. If this was done correctly, you should see an OK status.


Lastly, in Devices > Points, create a row for our OPC Node and assign a Tag to it. In the Address column, you can browse every Tag available on the Server in a TreeView-style popup.


This error occurs when the security parameters of the Server certificate do not match those of the Client certificate. For example, on our server, we have the following certificate; if any of the parameters are incorrect when generating the Client certificate, the error will appear (we were able to reproduce the error in our lab).

Below, we will demonstrate the correct steps for using the OPC Server with security certificates:

1. Generate the OPCUA Server certificate.

2. Double-click the certificate and view the "Details" to verify the security type and the size of the Public Key (as shown in the previously displayed picture).

3. In "C:\ProgramData\WEGnologyEDGESuite", delete all the files. You can make a backup if desired. (If the 'certs' folder cannot be deleted because it is in use, just delete the files inside it.)

4. In WES, go to Devices > Nodes and select the desired URL.

5. In "Custom", configure the Application Name as "TRunModule". Set the Organization Name, Key Size, and Hash Algorithm according to the certificate identified in step 2, select the Server Certificate, and click OK. Add the Client Certificate that will appear, and choose where to save it in the folder "C:\ProgramData\WEGnologyEDGESuite".

6. Repeat step 5, but set the Application Name as "TManager".

7. On the OPCUA Server, import the two Client Certificates and mark them as trusted.

8. Click "Test" in WES, and you should see "Connected."
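
The comparison that steps 2 and 5 perform by hand, as an added PowerShell example (not part of the original page or of the product's tooling): it reads the key size and signature hash algorithm from the server certificate and flags any client certificate whose values differ. The function names and the in-memory sample certificates are constructed for illustration; the sample generator assumes .NET Framework 4.7.2 or later (or PowerShell 7).

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Key size and signature hash of one certificate (the values step 2 reads under "Details").
function Get-CertSecurityParams {
    param([Parameter(Mandatory)][X509Certificate2]$Cert)
    $rsa = [RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($null -eq $rsa) { throw "Not an RSA certificate: $($Cert.Subject)" }
    [pscustomobject]@{
        Subject      = $Cert.Subject
        KeySize      = $rsa.KeySize
        SignatureOid = $Cert.SignatureAlgorithm.Value        # compared; platform independent
        Signature    = $Cert.SignatureAlgorithm.FriendlyName # displayed
    }
}

# One row per client certificate; Match is False when key size or hash differs from the server's.
function Compare-OpcUaCertParams {
    param([X509Certificate2]$Server, [X509Certificate2[]]$Client)
    $s = Get-CertSecurityParams $Server
    foreach ($c in $Client) {
        $p = Get-CertSecurityParams $c
        [pscustomobject]@{
            Client    = $p.Subject
            KeySize   = "$($p.KeySize) (server $($s.KeySize))"
            Signature = "$($p.Signature) (server $($s.Signature))"
            Match     = ($p.KeySize -eq $s.KeySize) -and ($p.SignatureOid -eq $s.SignatureOid)
        }
    }
}

# Constructed sample input: throwaway self-signed certificates held in memory only.
# With real files, load each one with [X509Certificate2]::new('<path to certificate file>').
function New-SampleCert {
    param([string]$Name, [int]$Bits, [HashAlgorithmName]$Hash)
    $rsa = [RSA]::Create($Bits)
    $req = [CertificateRequest]::new("CN=$Name", $rsa, $Hash, [RSASignaturePadding]::Pkcs1)
    $req.CreateSelfSigned([DateTimeOffset]::Now.AddMinutes(-5), [DateTimeOffset]::Now.AddDays(1))
}

$server   = New-SampleCert 'SampleUaServer'   2048 ([HashAlgorithmName]::SHA256)
$tmanager = New-SampleCert 'SampleTManager'   2048 ([HashAlgorithmName]::SHA256)  # same parameters
$trun     = New-SampleCert 'SampleTRunModule' 1024 ([HashAlgorithmName]::SHA384)  # both differ

Compare-OpcUaCertParams -Server $server -Client $tmanager, $trun | Format-Table -AutoSize
```

A row with Match set to False identifies the client certificate to regenerate in step 5 before importing it on the server.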





OPCServer Available Data

If the data available in the OPCServer is internal data (server information and diagnostics) or comes from a simulation channel, the data can be exchanged by exception and the FS Node “Enable Read Polling” checkbox can be disabled.

If you are using the “Kepware OPC UA Client” or another device, you will need to enable the FS Node “Enable Read Polling” checkbox.

We suggest testing to make sure the connection and data exchange are working properly by reading internal data from the Kepware OPCServer, such as _System._Time_Second, or any simulation value.

