Configuring an OPC UA DA Collector

About this task

Configure values using the OPC UA Collector Maintenance - Configuration section.

Procedure

Select an OPC UA DA collector from the list on the left of the Administrator Tool Collectors section.
Select Configuration.
The following page appears.

Enter values for the collector-specific field parameters.

Field	Description
OPCUA Server URI	Format: opc:tcp://localhost:12345 This field represents the OPC UA Server URI to which the collector connects. By default, it points to the local host. If this field is updated, the collector must be restarted for the update to take effect. Note: This field requires a Unified Resource Identifier (URI), which is a superset of the Uniform Resource Locator (URL). The OPC UA-Server has a URI (not URL), which you must enter in this field.
Secured Connectivity	When enabled, this field ensures secured connectivity between the OPC UA Server and the OPC UA DA Collector. By default, this field is disabled (false). The secured connectivity can be established by Using certificates or User authentication. If the Secured connectivity is “true” and Enable User Security is unchecked (false), the secured connectivity will be established by using certificates. If the Secured connectivity is “true” and Enable User Security is checked (true), the security connectivity will be established by User authentication. Note: Ensure that the client certificate is added to the OPC UA Server's Trusted list. This is applicable in either of the cases.
Enable User Security	When enabled, this field allows you to enter Username and Password credentials to authenticate the connection to the OPC UA server. You must provide OPCUA Server’s user name and password. If the username and password is not provided, then the collector will pick the username and password from the ClientConfig.ini file. Refer to the section below for a detailed description on ClientConfig.ini file. The collector must be restarted, if any changes are made in the collector configuration or ClientConfig.ini file.

Field

Description

OPCUA Server URI

Format: opc:tcp://localhost:12345

This field represents the OPC UA Server URI to which the collector connects. By default, it points to the local host. If this field is updated, the collector must be restarted for the update to take effect.

Note: This field requires a Unified Resource Identifier (URI), which is a superset of the Uniform Resource Locator (URL). The OPC UA-Server has a URI (not URL), which you must enter in this field.

Secured Connectivity

When enabled, this field ensures secured connectivity between the OPC UA Server and the OPC UA DA Collector. By default, this field is disabled (false).

The secured connectivity can be established by Using certificates or User authentication.

If the Secured connectivity is “true” and Enable User Security is unchecked (false), the secured connectivity will be established by using certificates.

If the Secured connectivity is “true” and Enable User Security is checked (true), the security connectivity will be established by User authentication.

Note: Ensure that the client certificate is added to the OPC UA Server's Trusted list. This is applicable in either of the cases.

Enable User Security

When enabled, this field allows you to enter Username and Password credentials to authenticate the connection to the OPC UA server. You must provide OPCUA Server’s user name and password.

If the username and password is not provided, then the collector will pick the username and password from the ClientConfig.ini file. Refer to the section below for a detailed description on ClientConfig.ini file.

The collector must be restarted, if any changes are made in the collector configuration or ClientConfig.ini file.

What to do next

Using ClientConfig.ini

All the security related configuration for OPC UA collector to establish secured connectivity to OPC UA server will be done by using ClientConfig.ini file. This file is located in C:\Program Files\GE Digital\Historian. The OPC UA DA Collector\Server64 ClientConfig.ini file has options to select Trust Certificate type, Security Policy, Security Mode, Username and Password. There are default values provided, however these can be configured accordingly.

Sample ClientConfig.ini file:

[UaClientConfig] 
ApplicationName =OPCUACollector

;TrustCertificate value (only used in secured connection): 
; 0 (No trust), 
; 1 (Trust temporarily) 
; 2 (Default, trust permanently and copy the server certificate into the client trust list) 
TrustCertificate =2

; Security Policy - Only applicable if TrustCertificate value is 2 
; 0 (http://opcfoundation.org/UA/SecurityPolicy#None ) 
; 1 (http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15) 
; 2 (http://opcfoundation.org/UA/SecurityPolicy#Basic256) 
; 3 (http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss)
; 4 (http://opcfoundation.org/UA/SecurityPolicy#Aes128_Sha256_RsaOaep)
; 5 (http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256)
SecurityPolicy =2

Note: If you want to change the security policy, update the value of SecurityPolicy in the ClientConfig.ini document located at C:\Program Files\GE Digital\Historian OPC UA DA Collector\Server64\, Where C is the installation drive. By default, the value of SecurityPolicy will be 2.

; SecurityMode 
; 0 None 
; 1 Sign 
; 2 SignAndEncrypt 
SecurityMode =0

CertificateTrustListLocation =/[ApplicationPath]/pkiclient/trusted/certs/ 
CertificateRevocationListLocation =/[ApplicationPath]/pkiclient/trusted/crl/ 
IssuersCertificatesLocation =/[ApplicationPath]/pkiclient/issuers/certs/ 
IssuersRevocationListLocation =/[ApplicationPath]/pkiclient/issuers/crl/ 
ClientCertificate =/[ApplicationPath]/pkiclient/own/certs/uaclientcpp.der 
ClientPrivateKey =/[ApplicationPath]/pkiclient/own/private/uaclientcpp.pem
RetryInitialConnect               =true
AutomaticReconnect                =true 
Username =admin 
Password =admin

Note: The RetryInitialConnect parameter is used to retry connecting to the OPCUA DA server when the collector fails to connect to the server initially. The AutomaticReconnect parameter is used to retry connecting to the OPCUA DA server when the collector fails to connect to the server subsequently.