OPC UA Settings

After establishing broker connections, subscriptions, and tags information, click the overflow icon of the MQTT plugin, and then select OPC UA Settings to connect to the OPC UA server and establish the OPC UA client connection.

Enter the required details in the following sections of OPC UA Settings page:

Server
Logging
Security
Certificate
Trust List

Server

The server connection fields are populated automatically by the system. You can also change the server details as required.

Table 1. OPC UA Server Details
Field	Description
PORT	The OPC UA Client port the device will use.
NETWORK ADDRESS	The unique identification of your physical computer or a device name.
LOGICAL HOST NAME	Host name of the server on which OPC UA is installed.
ORGANIZATION NAME	Name of the Organization that owns the application.
INSTANCE NAME	Information about the OPC UA client.
ENDPOINT URL	A network location that OPC UA Client applications can use to find and connect to an OPC UA Server. Note: An endpoint is a physical address available on a network that allows clients to access one or more services provided by a server. An OPC UA Endpoint URL (Uniform Resource Locator) is a formatted text string that consists of three or four parts (substrings): Network protocol ((must be opc.tcp (case sensitive)). Host name or IP address. Port number. (Optional) File or resource location. The OPC UA specific URL, it shows as: `opc.tcp://hostname:38212/<file or resource location>`
APPLICATION URL	The unique address reference on the Internet. Also, referred to as the web address.
APPLICATION NAME	Name of the application.

Note:

If you modify the OPC UA server details, it is recommended to select Restart Server to establish the OPC UA server connection.
If you want to restart the OPC UA server, select Restart Server and then, click Yes to the Confirm Regenerate prompt message. After successful server connection, the following message appears.
OPC UA Server successfully restarted.

Logging

Logging helps you to record the error reports. The logging section displays the number of log files, maximum entries per log file, application trace level, stack trace level, and log file path fields. You can select the application level and stack level log files as required from the respective drop-down list.

Note: You can enable or disable logging using the toggle switch in the Logging section.

Table 2. Logging Configuration
Field	Description
NUMBER OF LOG FILES (MAX 100)	The number of files for log backups (range is from 1 to 100).
MAXIMUM ENTRIES PER LOG FILE	The number of entry per log file (range is from 0 to 1000000000).
APPLICATION TRACE LEVEL	You can trace the errors or warnings to generate the trace messages. From the application trace level, you can select None, Error, Errors and Warnings, Error, Warnings and Information or, Detailed (may impact performance) as required.
STACK TRACE LEVEL	You can trace the information about frequently used operations. The stack trace helps to find out the debugs in an operation and to figure out the problems for any bug generated in the operation. From the application trace level, you can select None, Error, Errors and Warnings, Error, Warnings and Information or, Detailed (may impact performance) as required.
LOG FILE PATH	Location of the log file. <Installation Location Drive>\Program Files\Proficy\MQTTClient\Logs\OpcUaServer.log
OPTIMIZE LOG WRITES	Select the Optimize Log Writes check box to optimize log events, use structured logging, exclude sensitive information, and to store the data.

Security

Use the check boxes in the Privacy and Integrity and Security Policies sections to ensure data is secured and protected from unauthorized access. Only authorized users can access the data to view and modify as per user access privileges.


Privacy and Integrity
ALLOW SECURE COMMUNICATION WITHOUT DATA PRIVACY (SIGNONLY)	Encryption is still used in the initial handshake. This mode is not appropriate when legal requirements prohibit the use of encryption.
ALLOW SECURE COMMUNICATION WITH DATA PRIVACY (SIGNANDENCRYPT)	All messages are signed and encrypted.
Security Policies
BASIC256SHA256 (RECOMMENDED)	For configurations that require high security.
AES128-SHA256-RSAOAEP (RECOMMENDED - FASTEST)	For configurations that require high speed with average security.
AES256-SHA256-RSAPSS (RECOMMENDED - MOST SECURE)	For configurations that require very high security.

Note:

BASIC256 and BASIC128RSA15 are deprecated due to vulnerability and theoretical issues.
You can verify the security permissions at the following location.
<Installation Location Drive>\Program Files\Proficy\MQTTClient\ServerConfig.xml

Certificate

To establish the trusted connection with the OPC UA client, you must generate the self-signed certificate.

Select Generate Self-signed certificate.
A prompt message appears. Click Yes to regenerate the server certificate.
Important: All previous server settings will be removed, and new details are updated.
OPC UA certification created successfully message appears.
Select Restart Server to use the certificate. The new server certificate details are populated in the Certificate section.
To view the server certificate, navigate to <Install Location Drive>\Proficy\MQTTClient\UA\pkiserver\own\certs.

Trust List

The trust list will display the certificate status (trusted and rejected) and its validity period. Use the overflow icon and select Trust to trust the rejected certificate, or select Reject to reject the already trusted certificate, and select Delete to delete the certificate from the trust list.

If a client certificate is not displayed in the Trust List table:

Select the Refresh icon. This will load the client certificate to the Trust List table or,
Select the Add Certificate icon. The Import Trust Certificate dialog appears. You can then browse to the client certificate location and Trust the certificate.

After the OPC UA settings information is saved, you can select the overflow icon of the MQTT plugin and select Publish to publish the changes to the MQTT server. Refer to Save and Publish for more details.