dl-breadcrumbs__homedl-breadcrumb-item__separatorConfiguration and programmingdl-breadcrumb-item__separatorProgramming with CODESYSdl-breadcrumb-item__separatorAutomation Builderdl-breadcrumb-item__separator...dl-breadcrumb-item__separatorProgramming of Applications dl-breadcrumb-item__separatorRuntime systems, OPC UA serverdl-breadcrumb-item__separatorReference dl-breadcrumb-item__separatorDialogs dl-breadcrumb-item__separatorDialog: Device Security Settings (OPC UA Server)
dl-pagination__prev-inactivedl-pagination__prev-activedl-pagination__next-inactivedl-pagination__next-active
Dialog: Device Security Settings (OPC UA Server) dl-permalink__symbolPermalink

Function: The dialog shows all device security settings which are provided by the connected controller.

Call: “Communication Settings” tab, “Device”“Security Settings” menu command

Requirements: You have installed the CODESYS Security Agent.

The following table shows the settings which affect the OPC UA Server.

Setting

Description

‎CommunicationPolicy‎

Applied OPC UA security policy. The selected policy and all more secure options are used.

  • ‎POLICY_AES256SHA256RSAPSS‎: Start from Aes256Sha256RsaPSS

  • ‎POLICY_BASIC256SHA256‎: Start from Basic256Sha256

  • ‎POLICY_AES128SHA256RSAOAEP‎: Start from Aes128Sha256RSAOAEP (default setting)

‎CommunicationMode‎

Mode for communication

  • ‎SIGNED_AND_ENCRYPTED‎: Allows only signed and encrypted communication

  • ‎MIN_SIGNED‎: Allows signed or signed and encrypted communication

  • ‎SECURE_IF_POSSIBLE‎: Allows communication in plain text if an X.509 certificate is not available for the OPC UA Server. Disables unsecure mode as soon as a certificate has been generated. (default setting)

  • ‎ALL‎: Allows secure and unsecure communication

  • ‎ONLY_PLAINTEXT‎: Allows only unsecure communication

‎Activation‎

Activation/Deactivation OPC UA Server

  • ‎DEACTIVATED‎: OPC UA Server deactivated

  • ‎ACTIVATED‎: OPC UA Server activated (default setting)

‎UserAuthentication‎

UserToken of the OPC UA Server

  • ‎ENABLED‎: The UserTokens are generated to match the configuration of the device user management. (default setting)

  • ‎ENFORCED‎: The anonymous UserToken is disabled. Regardless of whether anonymous access is allowed in the device user management.

‎AllowUserPasswordOnPlaintext‎

Transfer passwords in plain text if a OPC UA Server certificate is not available

  • ‎YES‎: Transmission of passwords in plain text is allowed. This setting is not recommended.

  • ‎NO‎: Transmission of passwords in clear text is not allowed. (default setting)

‎EnableCRLChecks‎

Enable/Disable check of certificate revocation lists (CRLs). CRLs are used for CA-signed certificates.

  • ‎YES‎: Check of CRL enabled (default setting)

  • ‎NO‎: Check of CRLs disabled

For more information, see:

‎EnableSelfSignedCertBackwardInteroperability‎

The OPC UA specification requires that for self-signed certificates the ‎cA‎ bit is set in the extensions. This allows even signed ApplicationInstanceCertificates (server or client certificate) to be misused as CA.

  • ‎YES‎: Allows these certificates. This setting is less secure, but increases compatibility. (default setting)

  • ‎NO‎: Forbids ApplicationInstance certificates from having the ‎cA‎ bit set in the extension. This setting is more secure, but decreases compatibility.

‎DeactivateSecurityPolicy‎

Disabling of security policies

Entry as PolicyURL (for example ‎http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256‎) in a comma-separated list

‎ApplicationName‎

Defines the common name (CN) of the OPC UA Server certificate. If this setting is not set, then OPCUAServer@<HOSTNAME> is used.

‎CompanyOrOrganizationName‎

Defines the organizational unit (OU) of the OPC UA Server certificate

‎City‎

Defines the locality (L) of the OPC UA Server certificate

‎State‎

Defines the state or province name (S) of the OPC UA server certificate

‎Country‎

Defines the country name (C) of the OPC UA server certificate