Encrypted connections

OPC UA can secure the communication channel with encrypted connections. When you create the OPC UA Server in the Target Browser, you can select the encryption method via the respective endpoint, even before adding the symbol (see also: Adding an OPC UA Server).

If you add the symbol to the Scope project, the selected encryption method is automatically adopted (see also: Addition of OPC UA symbols).

As soon as you click on Start Record to start the recording, a dialog appears requesting you to adjust the Scope Server configuration.

Confirm the dialog to make the configuration changes on the Scope Server that are required before the recording can be started. The Scope Server – Opc Ua Configuration window opens, in which you are asked to trust, on the client side (Scope Server), the certificate of the OPC UA Server with which the communication is to take place (Trust button).

You can trust the certificate for a single case only, or add it to the list of trusted certificates via the Save to Trustlist check box.

To check the server certificate, the server URL of the OPC UA Server and the selected endpoint have to be entered in the window. You can open the detailed information about the certificate via the Details button.

In addition to the "Common name" and the period of validity of the certificate ("Valid from/to"), the "Thumbprint" is of particular relevance. On the basis of the thumbprint you can determine whether the certificate is really that of the OPC UA Server to which you wish to connect.

During the first attempt to connect to an OPC UA Server, it is additionally necessary to trust the certificate of the client (Scope Server) on the server side. The following error message informs you of this: "Connection to OPC UA Server failed. Please trust the client certificate at OPC UA Server." To trust the client certificate on the server, copy it from the "rejected" folder to the "trusted" folder in the certificate directory of the OPC UA Server.

If the certificates have been exchanged on both sides and you have trusted both, you can start the recording.
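The thumbprint check and the copy from "rejected" to "trusted" described above can be combined so that a client certificate is only trusted when its thumbprint matches a value read out of band on the Scope Server. The following Python sketch is an added example, not part of the product or its documentation. It assumes that certificate files lie directly in the "rejected" and "trusted" folders as DER or PEM, and that the certificate directory path is supplied by you.

```python
import hashlib
import hmac
import shutil
import ssl
import sys
from pathlib import Path


def load_der(path: Path) -> bytes:
    """Return the DER bytes of a certificate file stored as DER or PEM."""
    data = path.read_bytes()
    if data.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def thumbprint(der: bytes) -> str:
    """OPC UA thumbprint: SHA-1 digest of the DER-encoded certificate."""
    return hashlib.sha1(der).hexdigest().upper()


def normalize(displayed: str) -> str:
    """Strip the separators that dialogs and tools put into a thumbprint."""
    hexchars = "".join(c for c in displayed if c not in " :-\t\n").upper()
    if len(hexchars) != 40 or any(c not in "0123456789ABCDEF" for c in hexchars):
        raise ValueError("not a 20-byte SHA-1 thumbprint")
    return hexchars


def trust_if_match(cert_dir: Path, expected: str) -> list[str]:
    """Copy certificates from rejected/ to trusted/ only when the thumbprint
    equals the value obtained out of band. Returns the copied file names."""
    want = normalize(expected)
    trusted = cert_dir / "trusted"  # folder layout is an assumption
    trusted.mkdir(exist_ok=True)
    copied = []
    for cert in sorted((cert_dir / "rejected").iterdir()):
        if not cert.is_file():
            continue
        if hmac.compare_digest(thumbprint(load_der(cert)), want):
            shutil.copy2(cert, trusted / cert.name)
            copied.append(cert.name)
    return copied


if __name__ == "__main__":
    # Usage: script.py <certificate directory> <expected thumbprint>
    print(trust_if_match(Path(sys.argv[1]), sys.argv[2]))
```

Certificates whose thumbprint does not match stay in the "rejected" folder and are not listed in the result.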