Connecting WinCC OPCUA Server using sign and encryption techniques using free OPCUA Python Client Code & Basic256Sha256 - opc

**I am trying to connect a WinCC OPCUA Server enabled with Basic256Sha256 with Sign&Encrypt.
How to generate / get the .der file on / from WinCC and the .pem file from the WinCC?
WinCC OPCUA Server is deployed on AWS Windows EC2 Instance.**
What will be the client connection code that will be used to connect to the WinCC OPC UA Server enabled with Basic256Sha256 with Sign&Encrypt?
I need the .der file and the .pem file for my Python OPCUA Client.
How to generate the .der file and the .pem file?
After the files are generated do I need to keep the files on WinCC OPC UA Server and the OPC UA Client?
Code 1:
```python
import logging
from opcua import Client

client = Client("opc.tcp://localhost:4840/freeopcua/server/")
#client = Client("opc.tcp://localhost:53530/OPCUA/SimulationServer/")
# "policy,mode,client-cert,private-key": policy names are case-sensitive and must not contain spaces
client.set_security_string("Basic128Rsa15,SignAndEncrypt,certificate-example.der,private-key-example.pem")
client.application_uri = "urn:example.org:FreeOpcUa:python-opcua"  # must match the URI SAN in the client cert
client.secure_channel_timeout = 10000
client.session_timeout = 10000
client.connect()
```
Code 2:
```python
import logging
from opcua import Client

logging.basicConfig(level=logging.WARN)
client = Client("opc.tcp://localhost:53530/OPCUA/SimulationServer/")
# load_client_certificate expects the client's own certificate (PEM or DER), load_private_key its key
client.load_client_certificate("server_cert.pem")
client.load_private_key("mykey.pem")
client.connect()
```
Code 3:
```python
import logging
from opcua import Client

logging.basicConfig(level=logging.DEBUG)
client = Client("opc.tcp://localhost:53530/OPCUA/SimulationServer/")
# Sign only: messages are signed but not encrypted
client.set_security_string("Basic128Rsa15,Sign,certificate-example.der,private-key-example.pem")
client.connect()
```

Just guessing the version of WinCC (assuming 7.x), the .der file:
C:\Program Files (x86)\Siemens\WinCC\opc\UAServer\PKI\CA\certs
You must manually move the rejected certificate of your Python OPC UA client using a file manager.
The certificates used by the WinCC OPC UA server are stored in the settings in the "OpcUaServerWinCC.xml" configuration file:
C:\Program Files (x86)\Siemens\WinCC\opc\UAServer\OpcUaServerWinCC.xml
The project-specific configuration file is stored in the WinCC project folder under:
\opc\UAServer
Yes, the certificates must be available and valid at all times.
Also, time synchronization is very important, due to security mechanisms.
The configuration of WinCC OPC UA can be found in your WinCC installation's help file; look for "Interfaces --> OPC - Open Connectivity --> WinCC OPC UA Server" and for the client "Communication --> OPC UA WinCC Channel".
Is this something that will get you started, or are you not using WinCC 7?
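One way to produce the .der/.pem pair the question asks for and then open the Basic256Sha256 SignAndEncrypt session, as an added example rather than code from the question or the answer. It assumes the `cryptography` package (a python-opcua dependency) and python-opcua's `Client` API; the application URI is the one from the question's code, and the function names are hypothetical.

```python
import datetime
from pathlib import Path
# Names exactly as python-opcua's Client.set_security_string expects them (case-sensitive).
POLICIES = {"Basic128Rsa15", "Basic256", "Basic256Sha256"}
MODES = {"Sign", "SignAndEncrypt"}

def security_string(policy, mode, cert_path, key_path):
    """Build "policy,mode,cert,key"; a stray space (as in the question's code) breaks the lookup."""
    policy, mode = policy.strip(), mode.strip()
    if policy not in POLICIES or mode not in MODES:
        raise ValueError(f"unsupported security policy/mode: {policy!r}/{mode!r}")
    return ",".join([policy, mode, str(cert_path).strip(), str(key_path).strip()])

def make_client_cert(app_uri, hostname, cert_der, key_pem, days=365):
    """Write a self-signed OPC UA client certificate (.der) and its RSA key (.pem).
    The URI SAN must equal client.application_uri or the server refuses the session."""
    from cryptography import x509  # assumed installed (python-opcua depends on it)
    from cryptography.x509.oid import NameOID, ExtendedKeyUsageOID
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.asymmetric import rsa
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "python-opcua client")])
    now = datetime.datetime.utcnow()
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name).public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now).not_valid_after(now + datetime.timedelta(days=days))
        # Application-instance certificate: URI + host SANs, client-auth key usages.
        .add_extension(x509.SubjectAlternativeName(
            [x509.UniformResourceIdentifier(app_uri), x509.DNSName(hostname)]), critical=False)
        .add_extension(x509.KeyUsage(
            digital_signature=True, content_commitment=True, key_encipherment=True,
            data_encipherment=True, key_agreement=False, key_cert_sign=False, crl_sign=False,
            encipher_only=False, decipher_only=False), critical=True)
        .add_extension(x509.ExtendedKeyUsage([ExtendedKeyUsageOID.CLIENT_AUTH]), critical=False)
        .sign(key, hashes.SHA256())
    )
    Path(cert_der).write_bytes(cert.public_bytes(serialization.Encoding.DER))
    Path(key_pem).write_bytes(key.private_bytes(serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8, serialization.NoEncryption()))
    return cert

def connect_sign_and_encrypt(url, app_uri, cert_der, key_pem):
    # First attempt is rejected until the .der is moved from the server's rejected to its trusted folder.
    from opcua import Client  # python-opcua, as used in the question
    client = Client(url)
    client.application_uri = app_uri
    client.set_security_string(security_string("Basic256Sha256", "SignAndEncrypt", cert_der, key_pem))
    client.connect()
    return client
```

Keep the private key only on the client; the server needs just the .der, placed in the trusted-certificates folder the answer names.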

Related

OPC UA Connection to IP Address (when hostname couldn't be resolved)

I'm trying to connect to an OPC UA Server which is located over the local intranet, though the OPC Server is exposing the Computer Name as a hostname when trying to connect through the given IP address and eventually errors out as the hostname can't be resolved.
While on the other side, Prosys OPC UA Client can successfully connect to it. I'm currently using Eclipse Milo, but would like to understand how other clients connect to an IP address rather than the hostname while I couldn't?
Asked and answered here: Java OPC-UA Client Eclipse Milo endpoint URL changes to localhost
Instead of using the sample code in that post there is now a helper method in EndpointUtil.updateUrl that you can use.

OPC-UA server in a remote access computer

I am trying to connect an OPC-UA server with an OPC-UA client. I am using a remote desktop connection. Is it the reason that I am not getting any server discovered by Matlab OPC UA or Aspen CIMIO even though they are running?
"Discovered" or just "connected"? Connecting to the remote OPC UA server is a normal process, so if you cannot connect I would check if a connection can be made in the first place (firewall) and if a certificate is used and what the policy is.
Can you put the server on your local computer and check the connection then?

OPC UA Server access - BadRequestTimeout

During our development I've been running a V5.19 Kepware Server with UA access. This has been working fine until our Server machine (Windows 7) suddenly restarted. Now none of our applications can connect via UA - BadRequestTimeout error is returned. DA access is OK, it's just the UA clients that cannot connect.
I've done the usual Google and no useful information is returned other than telling me what the numerical value of the error code is, which I already knew.
The UA configuration of the server looks fine - i.e. it hasn't changed. None of the clients have changed.
Can someone please shed some light on this?
Thanks
Steve
The Server's UA Configuration had Trusted Server and Trusted Client entries (both of which were unnecessary).
I removed both of these and suddenly UA connections were allowed.
Not sure why removing these made any difference - these had been in place for a long time, when the server was initially installed.

Close OPC DA Connections

I am using OPC Foundation's OpcNetApi.dll to communicate with an OPC DA server.
I am curious if there is a programmatic way to kill specific connections which are currently active on the server using this library or a similar library.
I'm not positive, but I don't think what you are asking for is always possible (without a debugger). OPC is based on Microsoft COM. There are two ways that COM can be implemented: in-proc and out-of-proc. The choice depends on the OPC server vendor.
With an in-proc implementation, if you are running the OPC client on the same machine as the OPC server then the OPC server is just a dll that is loaded directly into the memory space of the OPC client. This dll exposes the OPC interfaces like CreateGroup, ReadAllItems, etc. Now it is probably getting the actual data through some other mechanism (named pipe, TCP/IP, etc.) but this depends again on the OPC server implementation. The only way to really force stop this OPC server is to end the OPC client or get the OPC client program. Of course the OPC client or OPC server may already have implemented a mechanism to end, but there is no guarantee.
If it is an out-of-proc OPC implementation then the OPC server will run in a separate executable so you can find the name of that executable and terminate it. (You can search in regedit for the name of the OPC server to find the corresponding executable name). If I remember correctly, the OPC server can be designed so all clients share one executable or each OPC client gets their own instance of the executable.
If you are running the OPC server remotely then it is probably going to be loaded inside of a stub program if it's an in-proc implementation and then tied to RPC. If you block the ports that RPC communicates over I think most clients would decide to disconnect after a while, although there is no guarantee they won't try to reconnect later.
Here's some more information:
https://www.opcsupport.com/link/portal/4164/4590/Article/711/May-I-get-a-In-Proc-and-Out-Of-Proc-explanation

Can connect to some but not all localhost OPC Servers

I am trying to connect to a local OPC server. It is one of 7 OPC servers on the computer. I can connect to all the other servers except for this one.
As far as I can tell I have the server-specific DCOM settings wide open. Is there anything I could be overlooking as to why I cannot connect to this server?
Again this is a local server, not a remote computer.
By can't connect I mean I can see the OPC server in an OPC client, so opcenum is working - but I get an "OPCServer.WinCC. CoCreateInstanceEx: : 80070005 (Access Denied)" error.
I have a similar problem with Unitronic OPC Server on Windows 10. The OPC client is SCADA Reliance 4. The OPC Server runs as local on the same PC as Reliance. The problem is that the user needs to run Reliance with the OPC server with limited privileges. Unitronic OPC server runs only with increased privileges because it is unable to operate with lower privileges. If an OPC client runs with a lower privilege than an OPC server, it is unable to establish a connection because of the restrictions. For these reasons, the user must run the OPC client using the "Run As Administrator" option, and the connection is successfully established in this case.