Requirements for OPC-UA

From Tillit Edge to an OPC-UA source

When you select an OPC-UA connection type, TilliT Edge will attempt a secure connection to the datasource endpoint using Basic256Sha256 and a self-signed certificate. The session will default to an anonymous access policy, as such the endpoint will need to have anonymous access enabled. If you require these connection details to be changed, use the options field to add advanced connection details in a json format.

Using a Different Security Mode

Invalid = 0, 
None = 1, 
Sign = 2, 
SignAndEncrypt = 3

Using a Different Security Policy

Invalid = "invalid",
None = "http://opcfoundation.org/UA/SecurityPolicy#None",
Basic128 = "http://opcfoundation.org/UA/SecurityPolicy#Basic128",
Basic192 = "http://opcfoundation.org/UA/SecurityPolicy#Basic192",
Basic192Rsa15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic192Rsa15",
Basic256Rsa15 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Rsa15",
Basic256Sha256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",

Connection with Username and Password

For a connection to be authenticated with a username and password, reach out to your contact and we will help you through this process.

EXAMPLE

Type the following into the options field to enable an insecure connection.

{"securityMode":1, "securityPolicy":"http://opcfoundation.org/UA/SecurityPolicy#None"}

Inside Ignition, the settings for the above mentioned connections details can be found in via Config -> OPC UA -> Security -> Server Settings. The image below is an example of a working endpoint that TilliT Edge can connect to.

IMPORTANT! The server needs to be restarted for these settings to apply. Do not be fooled by any confirmation you see in the console.

Authorise the certificate on the endpoint

If using a scure connection, your Edge will attempt a connection with a self signed certificate. You will now need to 'Accept' the certificate as trusted on your OPC-UA server. As an example, in Ignition this is Config -> OPC UA -> Security -> Server and the TilliT Edge certificate should be located in the quarantined zone. Move/Click on the certificate to mark it as trusted. The edge now has enough permissions to connect and start reading the data tags you have supplied.

Contact our team for any further troubleshooting.

Last updated