Make an OPC UA Server and the UA Local Discovery Server Trust Each Other

Updated May 11, 2023

Environment

Software

  • LabVIEW Datalogging and Supervisory Control Module
  • LabVIEW OPC UA Toolkit

I have installed the UA Local Discovery Server (LDS). How do I make an OPC UA server and the LDS trust each other?


The LDS accepts registrations from local OPC UA servers. It also collects and publishes information about those servers, such as the name and the endpoint URL. After OPC UA servers register with the LDS, OPC UA clients can read the information about the registered OPC UA servers from the LDS.

The LabVIEW Datalogging and Supervisory Control (DSC) Module (before version 2017) and LabVIEW OPC UA Toolkit provide the Register Server VI to register an OPC UA server with the LDS. Before you register an OPC UA server with the LDS, you must ensure that the OPC UA server trusts the certificate file the LDS uses and that the LDS trusts the OPC UA server. 

There are two main steps to configure the OPC UA server and the LDS to trust each other. First, you will need to configure the Microsoft Management Console to view, export, and import Certificates. Then, you will need to make the OPC UA Server and the LDS trust each other. Details for each of these steps are listed below.

 

Configuring Microsoft Management Console to View, Export, and Import Certificates:

You can use Microsoft Management Console to view and export the certificate file the LDS uses. You can also use Microsoft Management Console to view and import the certificate file the OPC UA server uses. Before you make the OPC UA server and the LDS trust each other, you must configure Microsoft Management Console on your computer so that it can view, export, and import certificate files. Complete the following steps to configure Microsoft Management Console:
  1. In the Windows Start menu, navigate to the Command Prompt program and type mmc.exe to launch Microsoft Management Console.
  2. Select File»Add/Remove Snap-in to display the Add or Remove Snap-ins dialog box.
  3. Select Certificates and click Add to add the certificates snap-in in Microsoft Management Console.
  4. Select Computer account and click Next to display the Select Computer dialog box.
  5. Select Local computer and click Finish so that you can use Microsoft Management Console to manage certificate files on local computers.
  6. Click OK to apply the changes.

After you configure Microsoft Management Console, you can view certificates on your local computer under Console Root in Microsoft Management Console.

 

Making the OPC UA Server and the LDS Trust Each Other:

To make the OPC UA server trust the LDS, you must export the certificate file the LDS uses and specify this certificate file for the OPC UA server to trust. Complete the following steps to make the OPC UA server trust the LDS:
  1. In Microsoft Management Console, select Console Root»Certificates (Local Computer)»UA Applications»Certificates to select the certificates the LDS uses.
  2. In the Issued To column, right-click UA Local Discovery Server and select All Tasks»Export to launch the Certificate Export Wizard dialog box. You use the Certificate Export Wizard dialog box to export certificate files that the LDS uses.
  3. Click Next to display the Export File Format page.
  4. Select DER encoded binary X.509 (.CER) and click Next.
      Note: The OPC UA server supports only the DER encoded binary X.509 (.CER) file format.
  5. Specify a file name for the certificate file the LDS uses and click Next.
  6. Verify the settings that you specify and click Finish to export the certificate file the LDS uses.

After you export the certificate file the LDS uses, you must enter the path to this certificate file in the local discovery server certificate file input of the Register Server.vi so that the OPC UA server trusts the LDS.

You can make the LDS trust the OPC UA server by importing the certificate file the OPC UA server uses. Complete the following steps to make the LDS trust the OPC UA server:

  1. In Microsoft Management Console, select Console Root»Certificates (Local Computer)»UA Applications»Certificates.
  2. Select Action»All Tasks»Import to launch the Certificate Import Wizard dialog box. You use the Certificate Import Wizard dialog box to import the certificate file the OPC UA server uses.
  3. Click Next to display the File to Import page.
  4. Click Browse to display the Open dialog box.
  5. Select All Files (*.*) from the pull-down list.
  6. Select the certificate file with the .der file extension that the OPC UA server uses and click Open. Refer to the Protecting OPC UA Data Items topic in the LabVIEW Help to understand the certificate file that OPC UA servers use and where the certificate file is located.
  7. Click Next to display the Certificate Store page and select Place all certificates in the following store. Ensure that UA Applications displays in the Certificate store field and click Next.
  8. Verify the settings that you specify and click Finish to import the certificate file the OPC UA server uses. 
      Note: When you select Console Root»Certificates (Local Computer)»UA Applications»Certificates, you can find the certificate file that the OPC UA server uses in the Issued To column.

After you use Microsoft Management Console to import the certificate file the OPC UA server uses, the LDS trusts the OPC UA server.
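
The export and import procedures above can also be scripted. The following PowerShell sketch is an added example, not NI code; it adds a validity and thumbprint check before the server certificate is placed in the UA Applications store. The file paths, the expected thumbprint placeholder, and the assumption that the LDS certificate subject contains "UA Local Discovery Server" are illustrative.

```powershell
# Added example, not NI code. Run in an elevated PowerShell session.
$storeName = 'UA Applications'             # store name as shown in MMC above
$ldsExport = 'C:\Temp\ualds.cer'           # hypothetical output path
$serverDer = 'C:\Temp\opcua-server.der'    # hypothetical path to the OPC UA server certificate
$expected  = '<SERVER-CERT-THUMBPRINT>'    # placeholder: thumbprint obtained out of band

# Part 1: export the LDS certificate as DER encoded binary X.509 (.CER).
# Assumption: the subject contains the name shown in the Issued To column.
$lds = @(Get-ChildItem -Path "Cert:\LocalMachine\$storeName" |
         Where-Object { $_.Subject -like '*UA Local Discovery Server*' })
if ($lds.Count -ne 1) {
    throw "Expected exactly one LDS certificate in '$storeName', found $($lds.Count)."
}
Export-Certificate -Cert $lds[0] -FilePath $ldsExport -Type CERT | Out-Null
"Exported LDS certificate {0} to {1}" -f $lds[0].Thumbprint, $ldsExport

# Part 2: inspect the server certificate before trusting it.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($serverDer)
$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Server certificate is outside its validity period."
}
if ($cert.Thumbprint -ne ($expected -replace '\s', '')) {
    throw "Thumbprint mismatch: refusing to import $serverDer."
}

# Import into the store the LDS uses. OpenExistingOnly prevents a mistyped
# store name from silently creating a new, unused store.
$location = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$store = [System.Security.Cryptography.X509Certificates.X509Store]::new($storeName, $location)
$store.Open('ReadWrite, OpenExistingOnly')
try { $store.Add($cert) } finally { $store.Close() }
"Imported {0} into '{1}'" -f $cert.Subject, $storeName
```

The path written to `$ldsExport` is the value to wire to the local discovery server certificate file input of the Register Server VI.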