# OPC-UA

## Data Tag Address

Use the format:

```
ns=[namespace];s=[addressToTag]
```

* `namespace`: Namespace of the tag.
* `addressToTag`: Identifier for the tag.
* Example: `ns=2;s=TilliTDO-Demo.Line1.EquipmentStatusStopped`

## **Connection Setup**

* Select **OPC-UA** as the connection type.
* TilliT Edge will attempt a secure connection using **Basic256Sha256** with a self-signed certificate.
* Ensure the endpoint allows **anonymous access** by default.
* For advanced connection details, input settings in JSON format in the options field.

### **Changing Security Mode**

Use the following values for `securityMode` in the options field:

* `0`: Invalid
* `1`: None
* `2`: Sign
* `3`: SignAndEncrypt

```
Invalid = 0, 
None = 1, 
Sign = 2, 
SignAndEncrypt = 3
```

### **Changing Security Policy**

Use these values for `securityPolicy`:

* `invalid`: Invalid
* `http://opcfoundation.org/UA/SecurityPolicy#None`: None
* `http://opcfoundation.org/UA/SecurityPolicy#Basic128`: Basic128
* `http://opcfoundation.org/UA/SecurityPolicy#Basic192`: Basic192
* `http://opcfoundation.org/UA/SecurityPolicy#Basic192Rsa15`: Basic192Rsa15
* `http://opcfoundation.org/UA/SecurityPolicy#Basic256Rsa15`: Basic256Rsa15
* `http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256`: Basic256Sha256

```
Invalid = "invalid",
None = "http://opcfoundation.org/UA/SecurityPolicy#None",
Basic128 = "http://opcfoundation.org/UA/SecurityPolicy#Basic128",
Basic192 = "http://opcfoundation.org/UA/SecurityPolicy#Basic192",
Basic192Rsa15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic192Rsa15",
Basic256Rsa15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Rsa15",
Basic256Sha256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",
```

## **Connection with Username and Password**

Contact your support team to set up authentication with a username and password

## Example

Type the following into the options field to enable an insecure connection.

```
{"securityMode":1, "securityPolicy":"http://opcfoundation.org/UA/SecurityPolicy#None"}
```

**Endpoint Configuration in Ignition**:

* Navigate to `Config -> OPC UA -> Security -> Server Settings`.
* Restart the OPC-UA server for changes to take effect. **Ignore console confirmations until the server restarts.**

## **Certificate Authorization on Endpoints**

* For secure connections, TilliT Edge uses a self-signed certificate.
* On your OPC-UA server, locate the certificate in the **quarantined zone** (e.g., in Ignition: `Config -> OPC UA -> Security -> Server`).
* Mark the certificate as **trusted**.
* Once authorized, TilliT Edge can connect and read data tags.

![](https://s3.amazonaws.com/helpscout.net/docs/assets/60208fd212248b2c96d50eeb/images/6110c907766e8844fc34e98f/file-Y8af6boNtk.png)

##