Endpoints
The TwinCAT OPC UA Gateway provides various endpoints for OPC UA clients via the standard port 48050/tcp. The endpoints define the connection type between client and server and whether it should be secured or unsecured.
Relationship of trust: Please note that in order to use the secure endpoints, a trust relationship must be established between server and client, which is usually done via their certificates. The configuration of such a trust relationship on the gateway side is explained here.
Deprecated endpoints: Please note that the security profiles currently available in the endpoints may be classified as potentially insecure over time and will be replaced by newer ones. In this case, an update of the TwinCAT OPC UA Gateway is recommended. A configuration switch can be used to reactivate security policies that are deprecated and classified as insecure. However, we recommend leaving this configuration switch disabled for security reasons.
List of endpoints
The following list summarizes the endpoints of the TwinCAT OPC UA Gateway. This includes endpoints that have already been discontinued. By default, the TwinCAT OPC UA Gateway only offers endpoints that are currently considered secure.
Security profile | Security mode | Short description |
---|---|---|
None | None | No encryption or signing of messages is carried out at this endpoint. Authentication, on the other hand, is possible. |
Basic128Rsa15 (deprecated) | Sign / Sign & Encrypt | This endpoint has been classified as deprecated from a security perspective and is disabled by default. If necessary, the endpoint can be enabled again. |
Basic256 (deprecated) | Sign / Sign & Encrypt | This endpoint has been classified as deprecated from a security perspective and is disabled by default. If necessary, the endpoint can be enabled again. |
Basic256Sha256 | Sign / Sign & Encrypt | Endpoint currently present in the server for secure signing and encryption. Additional authentication is possible. |
Aes256_Sha256_RsaPss | Sign / Sign & Encrypt | Endpoint currently present in the server for secure signing and encryption. Additional authentication is possible. |
Aes256_Sha256_RsaOaep | Sign / Sign & Encrypt | Endpoint currently present in the server for secure signing and encryption. Additional authentication is possible. |
All endpoints in the list can be enabled or disabled via the gateway configuration. In the following figure, all endpoints are enabled.
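The following added example (not part of the Beckhoff documentation) audits an endpoint list, such as one collected from a gateway's endpoint discovery, against the table above and reports every endpoint that is unsecured, deprecated, or not in the table. The host name, the dictionary layout, the mode strings `Sign`/`SignAndEncrypt`, and the policy `ExamplePolicy` are assumptions made for the example; the URI prefix is the standard OPC UA security policy namespace.

```python
from urllib.parse import urlsplit

# Classification copied from the endpoint table on this page.
CURRENT = {"Basic256Sha256", "Aes256_Sha256_RsaPss", "Aes256_Sha256_RsaOaep"}
DEPRECATED = {"Basic128Rsa15", "Basic256"}

PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
URL = "opc.tcp://gateway.example:48050"  # constructed host, standard port

# Constructed sample of advertised endpoints (not captured from a real gateway).
SAMPLE = [
    {"url": URL, "policy": PREFIX + "None", "mode": "None"},
    {"url": URL, "policy": PREFIX + "Basic128Rsa15", "mode": "Sign"},
    {"url": URL, "policy": PREFIX + "Basic256Sha256", "mode": "SignAndEncrypt"},
    {"url": URL, "policy": PREFIX + "Aes256_Sha256_RsaPss", "mode": "SignAndEncrypt"},
    {"url": URL, "policy": PREFIX + "ExamplePolicy", "mode": "Sign"},  # not in the table
]

def policy_name(policy_uri):
    """The profile name is the URI fragment; a bare name is accepted as-is."""
    return urlsplit(policy_uri).fragment or policy_uri

def classify(endpoint):
    """Map one endpoint to 'ok', 'unsecured', 'deprecated' or 'unknown'."""
    name = policy_name(endpoint["policy"])
    if name == "None" or endpoint["mode"] == "None":
        return "unsecured"   # no signing or encryption of messages
    if name in DEPRECATED:
        return "deprecated"  # only offered if the configuration switch re-enabled it
    if name in CURRENT:
        return "ok"
    return "unknown"         # not listed on this page: review manually

def audit(endpoints):
    """Return sorted (verdict, url, policy, mode) tuples for endpoints needing attention."""
    findings = []
    for ep in endpoints:
        verdict = classify(ep)
        if verdict != "ok":
            findings.append((verdict, ep["url"], policy_name(ep["policy"]), ep["mode"]))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

A `deprecated` finding indicates that the configuration switch for deprecated security policies has been turned on for that gateway.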