opcuaconfig

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
opcuaconfig [2024/08/08 09:21]
wikiadmin 		opcuaconfig [2025/03/24 20:27] (current)
wikiadmin [Notes]
Line 1: Line 1:
-===ErgoTech OPC-UA Server - Configuration=== 
  
-A number of parameters can be controlled by the ErgoTechConfiguration.properties (TransSECS) or the mix.properties(MIX) file. A sample, file is installed with the application.  If these parameters are not present in the file, the defaults will be used. +====== OPC UA Server Configuration Options ======
-<file> +
-opcua.serverhosts If present the hostnames provided will be used to create endpoints for the server +
-opcua.certs.dir  The root folder for all certificates.  This defaults to "security" in the folder in which the application is started +
-opcua.servername The name of the server. This defaults to MIXOPCServer +
-opcua.tcp.port The port for opc tcp connections +
-opcua.https.port The port for https connections +
-opcua.certificates.dir The folder that contains the server certificate +
-opcua.serverpass The password of the server certificate +
-opcua.trusted.cert.location The location of client certificates.  This defaults to security/security/pki.  Three folders, //issuers//, //rejected//, and  //trusted// folders contain the certificates.  Trusted client certificates should be placed in the //trusted// folder+
  
-opcua.bind.address  Additionallocalinterfaces to which to bind. +The following system properties configure the ErgoTech OPC UA Server: 
-opcua.securitypolicy The OPC security policy to use Options are//None, Basic128Rsa15, Basic256, Basic256Sha256, Aes128_Sha256_RsaOaep, Aes256_Sha256_RsaPss//  These options are described [[https://profiles.opcfoundation.org/profilefolder/474|in the OPC Foundation Documentation]] .  If not specified, Basic256Sha256 will be used.  Note that //None// is insecure.  The ErgoTech OPC Server will, by defaultpresent this on the local interface (accessible only by applications running on the same host).  //Basic256//, and //Basic128Rsa15// are deprecated and not recommended for security reasons.+ 
 +^ Property ^ Description ^ Default Value ^ 
 +| **opcua.serverhosts** | (Optional) Comma-separated list of hostnames to use when creating server endpoints. If not specified, the server will bind to default interfaces. | *none* | 
 +| **opcua.certs.dir** | (Optional) Root directory for all certificate-related files. | `certificates` (in the application start folder) | 
 +| **opcua.servername** | (Optional) Name of the OPC UA server. | `MIXOPCServer` | 
 +| **opcua.tcp.port** | (Optional) TCP port for OPC UA binary (opc.tcp) connections. | `12686` | 
 +| **opcua.https.port** | (Optional) Port for HTTPS-based OPC UA connections. | `8443` | 
 +| **opcua.serverpass** | (Required) Password for the server certificate's private key. | *none* | 
 +| **opcua.trusted.cert.location** | (Optional) Location of the client PKI folder. Must contain subfolders: `trusted/`, `rejected/`, and `issuers/`. | `security/security/pki` | 
 +| **opcua.bind.address** | (Optional) Additional local network interfaces to bind toUseful for multi-homed systems. | *none* | 
 +| **opcua.securitypolicy** | (Optional) Security policy for server endpointsSupported values''None''''Basic128Rsa15''''Basic256''''Basic256Sha256''''Aes128_Sha256_RsaOaep''''Aes256_Sha256_RsaPss''. If not specified, ''Basic256Sha256'' is used. | `Basic256Sha256` | 
 +| **allow.anonymous.identities** | (Optional) Allow anonymous identities.  If false a username/password is required to connect | *false* | 
 +==== Notes ==== 
 + 
 +  The server always exposes an endpoint with a security policy of **''None''**but it is bound only to the local interface (''localhost''). This allows local applications to easily connect to the serverIt does **not** pose a security risk because it is not accessible from external systems. 
 +  * Security policies ''Basic256'' and ''Basic128Rsa15'' are deprecated and should not be used unless required for legacy interoperability. 
 +  * Certificates for trusted clients should be placed in the `trusted/` folder within the specified `opcua.trusted.cert.location` directory. Rejected and issuer certificates should go in the `rejected/` and `issuers/` folders respectively.
  
-</file> 
  
 ===TransSECS OPC-UA Server Setup=== ===TransSECS OPC-UA Server Setup===
  • opcuaconfig.1723126892.txt.gz
  • Last modified: 2024/08/08 09:21
  • by wikiadmin