Requirement:
-
An OPC UA Server is available.
-
You have installed the CODESYS Security Agent add-on in CODESYS.
-
CODESYS is open.
-
The “Allow anonymous login” option is selected for your controller in the “Change Communication Policy” dialog of the device editor (“Communication Settings” tab, “Change Communication Policy” command, “Device” menu). Or the user management has been explicitly disabled (for example, by switching to “Optional user management” in the “Change Communication Policy” dialog and then “Reset Origin”).
-
NOTE: When a user management is active on the controller, a login with user name and password is required for a connection from the client to the OPC UA Server. In the case that the communication is established via a data source, see the “User name” setting below ⮫ Authentication in the data source editor.
-
Start the OPC UA Server.
-
Create a new CODESYS project.
-
Add a ⮫ Data Sources Manager object to the application.
-
Add a “Data Source” “OPC UA-Server” to the “Data Sources Manager”.
The ⮫ Datasource dialog opens.
-
In the “Initialize Data Source” dialog, configure the data source for communication as described in the following steps.
With the ⮫ Read Connection Settings from IEC Variable option, you can configure the connection settings dynamically instead of defining them here in the dialog. For more information, see: ⮫ “Using a Dynamic Connection to an OPC UA Server”
The settings from this dialog are reflected accordingly on the “Communication” tab of the data source manager:
-
For “Where to find the server layout”, define how the information about the existing variables and types should be detected. When you select the “Browse Live Server” option, the OPC UA Client connects to the OPC UA Server for this purpose and reads the information there. When you select “From Information Model”, the client reads the same information from an installed information model and does not require a running OPC UA Server to do this.
-
For “Server URL”, specify the URL of the started OPC UA Server.
-
Click the “Show All Endpoints” button to open the “Available Endpoints” dialog.
-
Select an endpoint which defines an “Encrypt & Sign” message security mode and a corresponding security strategy. After the dialog is closed, these settings are transferred to the “Security” section of the “Initialize Data Source” dialog.
-
Choose a suitable “Client certificate” to access the server for browsing purposes. If a certificate is not available for selection yet, then you can have one generated immediately. To do this, click the button to open the “Generate self-signed certificate” dialog. Define a password for your private key and a file name for the certificate. When you click “OK”, the certificate is generated and automatically entered into the certificate store. The *.cer and *.pfx certificate files are stored with the project file. As a result, you can "give" the certificate with the public key (*.cer) to the server so that it "knows" the certificate. You can also share the private key (*.pfx) to make the project usable on another machine (for browsing).
Note that this certificate can be used only for browsing the server for variables and data types. An additional certificate is required for data exchange in online mode. Its creation is described below.
-
Click “Next”. Now the client scans the OPC UA Server to find the variables and types of the OPC UA Server. The OPC UA Server has to be in online mode to do this.
-
Now select one or more variables.
These variables can be exchanged later via encrypted communication between the OPC UA Client and the OPC UA Server. For the variables, components are created in the “Devices” view, in the “DataSources_Objects” folder. The variables can be used in the application.
-
In the next steps, you create a certificate for the encrypted communication from the OPC UA Client to the OPC UA Server.
-
Click ⮫ View → Security Screen.
-
Switch to the “Devices” tab.
-
In the view on the left, select the controller.
In the right view, all services of the controller are displayed which require a certificate.
-
Select the service “CmpOPCUAClient”.
-
Create a new certificate for the device. To do this, click the icon.
The “Certificate Settings” dialog opens.
-
Define the certificate parameters and click “OK” to close the dialog.
The certificate is created on the controller.
-
Click the button and save the certificate to the local file directory of the OPC UA Server, in the certs folder.
Now when you restart the OPC UA Server, it will recognize the client certificate. The server sends its certificate to the client. In the following steps, this certificate will be made "trusted" by the client.
-
To do this, in the “Security Screen” view, on the “Devices” tab, click the “Certificates in Quarantine” folder in the left area.
The certificate is displayed in the right area.
-
Drag this certificate to the “Trusted Certificates” folder.
Now the server certificate is "trusted" by the client.
-
Now when you connect to the controller and the application starts, the data source variables of the OPC UA Client can be exchanged with the OPC UA Server via the encrypted connection.
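The endpoint selection step above (an “Encrypt & Sign” message security mode plus a suitable security policy) can be expressed as a check. This added example is not CODESYS code; it is a stand-alone Python routine that applies the same rule to a constructed endpoint list using the standard OPC UA security mode values and policy URIs, and rejects the deprecated SHA-1 based policies unless explicitly allowed.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# OPC UA MessageSecurityMode values (OPC UA Part 4): None, Sign, SignAndEncrypt.
MODE_NONE, MODE_SIGN, MODE_SIGN_AND_ENCRYPT = 1, 2, 3

# Standard security policy URIs (OPC UA Part 7), ranked weakest to strongest.
_P = "http://opcfoundation.org/UA/SecurityPolicy#"
POLICY_RANK = {
    _P + "None": 0,
    _P + "Basic128Rsa15": 1,
    _P + "Basic256": 2,
    _P + "Basic256Sha256": 3,
    _P + "Aes128_Sha256_RsaOaep": 4,
    _P + "Aes256_Sha256_RsaPss": 5,
}
# SHA-1 based policies, deprecated since OPC UA 1.04; accept only on request.
DEPRECATED_POLICIES = {_P + "Basic128Rsa15", _P + "Basic256"}

@dataclass(frozen=True)
class Endpoint:
    url: str
    security_mode: int
    policy_uri: str

def select_endpoint(endpoints: Iterable[Endpoint],
                    allow_deprecated: bool = False) -> Optional[Endpoint]:
    """Return the Encrypt & Sign endpoint with the strongest known policy.

    Mode None/Sign and unknown policy URIs are rejected; deprecated policies
    only pass when allow_deprecated is set. None means: abort, do not fall
    back to a weaker endpoint.
    """
    candidates = [
        e for e in endpoints
        if e.security_mode == MODE_SIGN_AND_ENCRYPT
        and e.policy_uri in POLICY_RANK
        and (allow_deprecated or e.policy_uri not in DEPRECATED_POLICIES)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda e: POLICY_RANK[e.policy_uri])

# Constructed sample list, shaped like a GetEndpoints response for one server.
SAMPLE_ENDPOINTS = [
    Endpoint("opc.tcp://plc.example:4840", MODE_NONE, _P + "None"),
    Endpoint("opc.tcp://plc.example:4840", MODE_SIGN, _P + "Basic256Sha256"),
    Endpoint("opc.tcp://plc.example:4840", MODE_SIGN_AND_ENCRYPT, _P + "Basic128Rsa15"),
    Endpoint("opc.tcp://plc.example:4840", MODE_SIGN_AND_ENCRYPT, _P + "Basic256Sha256"),
]
```

Running `select_endpoint(SAMPLE_ENDPOINTS)` picks the Basic256Sha256 endpoint in Encrypt & Sign mode; with only the first three sample endpoints it returns None unless `allow_deprecated=True`.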