avatar  


Recently viewed tickets

Log out

9.4 OPC UA Compatibility Notice

In the 9.4 firmware update, the way in which the OPCUAAccess object is created has changed. OPCUAUsername and OPCUAPassword have been deprecated and replaced with the OPCUAUserTokenName parameter. This means old configurations will no longer function.


The OPCUAAccess object now contains the following elements:

NOTE: The Security mode is an EXPERIMENTAL new feature and all security-related configuration is subject to change.

  • OPCUASecurityMode (string-enum, optional). The security mode for the communication channel between DCM (OPC-UA client) and the OPC-UA server. Currently 3 possible values exists: "none", "sign" or "signencrypt". If not specified, "none" is default.
  • OPCUASecurityPolicy (string, optional). The security policy to use when the OPCUASecurityMode is "sign" or "signencrypt". Currently 5 possible values exists: "none", "Basic128Rsa15", "Basic256", "Basic256Sha256" or "Aes128_Sha256_RsaOaep". If not specified, the Policy that matches any suitable endpoint will be used.
  • OPCUACertificate (string, optional) name of the certificate to use for authentication during collection of data if the OPCUASecurityMode is "sign" or "signencrypt". If not specified, the name opcua-cert- CollectorName will be used. If such a certificate does not exist in the certificate store, it will be created.
  • OPCUAPrivateKey (string, optional) name of the private key to use for encryption during collecting data if the OPCUASecurityMode is "sign" or "signencrypt". If not specified, the name opcua-pkey- CollectorName will be used. If such a private key does not exist on the certificate store, it will be created.
  • OPCUAServerCertificates (array of strings, optional) name of the certificates imported from the OPC-UA server(s), this collector retrieves data from. If not specified, any server will be accepted as valid. If specified as an empty array, then all certificates of the OPC-UA Server certificate type will be used.
  • OPCUAUserTokenType (string-enum, mandatory) The user authentication methods used when collecting data. Currently 4 possible values exists: "anonymous", "username", "certificate" or "issuedtoken".
  • OPCUAUserTokenName (string, maybe-optional) name of the 'username/password information', 'certificate' or 'issuedtoken' to use. Mandatory if OPCUAUserTokenType is "username", "certificate" or "issuedtoken". The name refers to an entry in the certificate store, which should contain:
  • For "username": a file with 2 lines of text: The username and the password.
  • For "certificate": an X.509 certificate.
  • For "issuedtoken": a BASE64 encoded text file.
  • OPCUAUsername (string, maybe-optional) The username to use for the OPC-UA session. This parameter is deprecated and OPCUAUserTokenName should be used instead as it is more flexible and secure. It may be removed in a future software release.
  • OPCUAPassword (string, maybe-optional) The password to use for the OPC-UA session. This parameter is deprecated and OPCUAUserTokenName should be used instead as it is more flexible and secure. It may be removed in a future software release.
  • OPCUAPath (string, optional) additional path component to the URL used for connecting to the OPC-UA server.
  • OPCUATimeStampPolicy (string-enum, mandatory). The timestamp to mark collected data with. Currently 3 possible values exists: "source", "server" or "dcm". If the polled OPC-UA server doesn't support the requested timestamp, DCM will fall back from Source->Server->DCM. This field also serves as the default value for the optional field OPCUATimeStampPolicy in sample OPCUAObject.
  • OPCUATimeout (integer > 0, optional). Timeout (in millisecond) for OPC-UA query requests. If not present the value 5000 is used.


Creation date: 13/04/2021 09:49 (ran@secomea.com)      Updated: 13/04/2021 09:49 ()