Make an OPC UA Server and the UA Local Discovery Server Trust Each Other

Updated Dec 21, 2017

Reported In

Software

  • LabVIEW Datalogging and Supervisory Control Module
  • LabVIEW OPC UA Toolkit

Issue Details

I have installed the UA Local Discovery Server (LDS). How do I make an OPC UA server and the LDS trust each other?
 

Solution

The LDS accepts registrations from local OPC UA servers. LDS also collects and publishes information, such as the name, the endpoint URL, etc. about OPC UA servers. After OPC UA servers register with the LDS, OPC UA clients can read the information about the registered OPC UA servers from the LDS.

The LabVIEW Datalogging and Supervisory Control (DSC) Module (before version 2017) and LabVIEW OPC UA Toolkit provide the Register Server VI to register an OPC UA server with the LDS. Before you register an OPC UA server with the LDS, you must ensure that the OPC UA server trusts the certificate file the LDS uses and that the LDS trusts the OPC UA server. 

There are two main steps to configure the OPC UA server and the LDS to trust each other. First, you will need to configure the Microsoft Management Console to view, export, and import Certificates. Then, you will need to make the OPC UA Server and the LDS trust each other. Details for each of these steps are listed below.

 

Configuring Microsoft Management Console to View, Export, and Import Certificates:

You can use Microsoft Management Console to view and export the certificate file the LDS uses. You also can use Microsoft Management Console to view and import the certificate file the OPC UA server uses. Before you make the OPC UA server and the LDS trust each other, you must configure Microsoft Management Console on your computer so that Microsoft Management Console can view, export, and import certificate files. Complete the following steps to configure Microsoft Management Console:
  1. In the Windows Start menu, navigate to the Command Prompt program and type mmc.exe to launch Microsoft Management Console.
  2. Select File»Add/Remove Snap-in to display the Add or Remove Snap-ins dialog box.
  3. Select Certificates and click Add to add the certificates snap-in in Microsoft Management Console.
  4. Select Computer account and click Next to display the Select Computer dialog box.
  5. Select Local computer and click Finish so that you can use Microsoft Management Console to manage certificate files on local computers.
  6. Click OK to apply the changes.

After you configure Microsoft Management Console, you can view certificates on your local computer under Console Root in Microsoft Management Console.

 

Making the OPC UA Server and the LDS Trust Each Other:

the LDS, you must export the certificate file the LDS uses and specify this certificate file for the OPC UA server to trust. Complete the following steps to make the OPC UA server trust the LDS:
  1. In Microsoft Management Console, select Console Root»Certificates (Local Computer)»UA Applications»Certificates to select the certificates the LDS uses.
  2. In the Issued To column, right-click UA Local Discovery Server and select All Tasks»Exportto launch the Certificate Export Wizard dialog box. You use the Certificate Export Wizarddialog box to export certificate files that the LDS uses.
  3. Click Next to display the Export File Format page.
  4. Select DER encoded binary X.509 (.CER) and click Next
      Note: The OPC UA server supports only the DER encoded binary X.509 (.CER) file format.
  5. Specify a file name for the certificate file the LDS uses and click Next.
  6. Verify the settings that you specify and click Finish to export the certificate file the LDS uses.

After you export the certificate file the LDS uses, you must enter the path to this certificate file to the local discovery server certificate file input of the Register Server.vi so that the OPC UA server trusts the LDS.

You can make the LDS trust the OPC UA server by importing the certificate file the OPC UA server uses. Complete the following steps to make the LDS trust the OPC UA server:

  1. In Microsoft Management Console, select Console Root»Certificates (Local Computer)»UA Applications»Certificates.
  2. Select Action»All Tasks»Import to launch the Certificate Import Wizard dialog box. You use the Certificate Import Wizard dialog box to import the certificate file the OPC UA server uses.
  3. Click Next to display the File to Import page.
  4. Click Browse to display the Open dialog box.
  5. Select All Files (*.*) from the pull-down list.
  6. Select the certificate file with the .der file extension that the OPC UA server uses and click Open. Refer to the Protecting OPC UA Data Items topic in the LabVIEW Help to understand the certificate file that OPC UA servers use and where the certificate file is located.
  7. Click Next to display the Certificate Store page and select Place all certificates in the following store. Ensure that the UA Applications displays in the Certificate store field and click Next.
  8. Verify the settings that you specify and click Finish to import the certificate file the OPC UA server uses. 
      Note: When you select Console Root»Certificates (Local Computer)»UA Applications»Certificates, you can find the certificate file that the OPC UA server uses in the Issued To column.

After you use Microsoft Management Console to import the certificate file the OPC UA server uses, the LDS trusts the OPC UA server.


 

WAS THIS ARTICLE HELPFUL?

Not Helpful