Professional OPC
Development Tools

logos

Online Forums

Technical support is provided through Support Forums below. Anybody can view them; you need to Register/Login to our site (see links in upper right corner) in order to Post questions. You do not have to be a licensed user of our product.

Please read Rules for forum posts before reporting your issue or asking a question. OPC Labs team is actively monitoring the forums, and replies as soon as possible. Various technical information can also be found in our Knowledge Base. For your convenience, we have also assembled a Frequently Asked Questions page.

Do not use the Contact page for technical issues.

OPC UA - relevant parameters

More
21 Jun 2024 06:30 #12882 by support
Hello.

OPC UA has three basic message security modes (None, Sign, SignAndEncrypt), and with the latter two, various security policies can be used. What gets used is in the end an effect of a negotiation between the client and the server. With QuickOPC, unless you specify more, something that works will be chosen.

If you want to influence that, you need to set the "endpoint selection policy" that is part of the UAEndpointDescriptor passed to each EasyUAClient method call.

Read:
opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...in%20Endpoint%20Selection.html
opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...e.html#Server%20Endpoints.html
And mainly:
opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...oint%20Selection%20Policy.html

By the default, all message security modes are enabled. If you want to pick some, or just one, you can do it e.g. like this:
            var endpointDescriptor = new UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:51210/UA/SampleServer")
            {
                EndpointSelectionPolicy = new UAEndpointSelectionPolicy(UAMessageSecurityModes.SecuritySignAndEncrypt)
            };
            object value = client.ReadValue(endpointDescriptor, "nsu=http://test.org/UA/Data/ ;ns=2;i=10305");
The details of your questions are not clear, though. In OPC UA terminology, "secure channel" is *always* used. The secure channel may use "None" message security mode, so in fact it can be insecure - but it is still there. With "None" message security policy mode, certificates can be omitted, or they optionally can be used to identify (but not authenticate!) the other side of the communication.

With "true" secure channel (with message security mode Sign or SignOrEncrypt), certificates are *always* used to authenticate the client and the server.

I do not know what you mean by "local CA" and "remote CA" verification, Certificate verification and is *always* done locally and does not use the CA at all. The CA may be used to *issue* the certificates (in OPC UA world, possibly over the GDS, Global Discovery Server/Certificate Manager), though, and in such case it is irrelevant where it was running at the time it has issued the certificates. Perhaps you need to explain more about what you actually looking for.

Best regards

Please Log in or Create an account to join the conversation.

More
20 Jun 2024 18:37 #12881 by support
Hello.

Publish interval is a physical characteristics of the OPC UA communication, and is determined automatically by QuickOPC. What you specify in QuickOPC subscription methods is the Sampling interval, which is often the device collects the data - and how often your application gets the data. The Sampling interval is always somewhere in the SubscribeXXXX method call - either directly as an arguments, or as a property inside the arguments - depending on which concrete SubscribeXXXX overload you are using. In many cases it is the last argument, as in this example:

opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...de%20for%20data%20changes.html

See also:
- opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...OPC%20UA%20Data%20Changes.html
- opclabs.doc-that.com/files/onlinedocs/OPCLabs-OpcStudio/Late...nsion~SubscribeDataChange.html

I will reply to the security-related questions in a separate post.

Best regards

Please Log in or Create an account to join the conversation.

More
20 Jun 2024 16:41 #12880 by Euzébio
Hi,
Is there a code example of an OPC UA client in C# that allows me to customize the following features?
  • No security mechanisms
  • Secure Channel with no use of certificate
  • Secure Channel with local CA verification
  • Secure Channel with remote CA verification

Also, I would like to know how to change the Publish Interval.

Please Log in or Create an account to join the conversation.

Moderators: support
Time to create page: 0.047 seconds