OPC UA provides options to address security while exchanging data. The security level is specified via so-called security policies. The following security policy options exist:

  • None: no security measures are taken.
    This is already implemented in the OPC UA adapter by choosing unauthenticated under access mode.
  • Sign (username & password): integrity and authenticity are ensured via user authentication and authorization.
    This is already implemented in the OPC UA adapter by choosing Username/Password under access mode.
  • SignAndEncrypt: additionally, confidentiality is ensured. The user is identified via an X.509 certificate.
    This is not yet implemented.

There are three different options to handle certificate management in the OPC UA server:

  • Self-signed certificates and trust-list mechanism
    • Easy and flexible
    • Each certificate has to be registered at each server and added to its trust list to allow a connection
    • Only recommended for smaller OPC UA setups
  • Public key infrastructure (PKI) and trust-list mechanism
    • The trust list contains only root certificates
    • New servers or clients get a certificate from the PKI that can be validated via the root certificate
  • Certificate Manager (OPC UA component)
    • Enables not only provisioning of certificates but also renewal and revocation of certificates
    • Not specified in the OPC UA standard -> product specific


To establish an encrypted connection to the OPC UA server, the following preconditions have to be met:

  • The client certificate is included in the server’s trust list
  • The certificate and its private key are present on the client to establish the connection


Possibilities to test:

  • Eclipse Milo supports encrypted communication via self-signed certificates and the trust-list mechanism. The demo server allows adding certificates to the trust list via upload (http://milo.digitalpetri.com/)


Next steps:

  • Establish an encrypted connection via UaExpert to the Milo demo server
  • Implement the functionality with Eclipse Milo in StreamPipes
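As an added sketch of the two preconditions above and of the planned Milo-based implementation (example code, not from StreamPipes or the Milo project), the following client assumes the Eclipse Milo 0.6.x client API, a PKCS#12 keystore holding the client certificate and private key under one alias, and a local directory used as the client-side trust list for the server certificate; it refuses any endpoint that does not offer SignAndEncrypt:

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Optional;
import org.eclipse.milo.opcua.sdk.client.OpcUaClient;
import org.eclipse.milo.opcua.sdk.client.api.identity.X509IdentityProvider;
import org.eclipse.milo.opcua.stack.client.security.DefaultClientCertificateValidator;
import org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;

public class SignAndEncryptClient {
    // Only accept an endpoint offering Basic256Sha256 + SignAndEncrypt; never fall back to None or Sign.
    static Optional<EndpointDescription> selectSecureEndpoint(List<EndpointDescription> endpoints) {
        return endpoints.stream()
            .filter(e -> SecurityPolicy.Basic256Sha256.getUri().equals(e.getSecurityPolicyUri()))
            .filter(e -> e.getSecurityMode() == MessageSecurityMode.SignAndEncrypt)
            .findFirst();
    }

    public static OpcUaClient connect(String endpointUrl, String keystorePath, char[] password, String alias, File trustDir) throws Exception {
        // Precondition 2: client certificate and private key must be available locally (assumed PKCS#12 keystore).
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(keystorePath)) { ks.load(in, password); }
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        PrivateKey key = (PrivateKey) ks.getKey(alias, password);
        KeyPair keyPair = new KeyPair(cert.getPublicKey(), key);
        // Client-side trust list: the server's certificate is validated against trustDir (hypothetical directory).
        DefaultTrustListManager trustList = new DefaultTrustListManager(trustDir);
        OpcUaClient client = OpcUaClient.create(
            endpointUrl,
            SignAndEncryptClient::selectSecureEndpoint,
            cfg -> cfg
                .setApplicationName(LocalizedText.english("StreamPipes OPC UA adapter (example)"))
                .setApplicationUri("urn:streampipes:opcua:example") // must match the URI SAN in the client certificate
                .setCertificate(cert)
                .setKeyPair(keyPair)
                .setCertificateValidator(new DefaultClientCertificateValidator(trustList))
                .setIdentityProvider(new X509IdentityProvider(cert, key)) // user identity via X.509, as described above
                .build());
        client.connect().get();
        return client;
    }
}
```

Precondition 1 is handled on the server side: the client certificate must be placed in the server's trust list (e.g. via the upload on the Milo demo server) before `connect()` will succeed; otherwise the secure channel is rejected.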


