OPC UA Server Management

Estimated reading time: 4 minutes

On this page, you can start, stop, and reset the server. There are also many different security configurations that you can enable. OT Link Platform OPC UA supports many different options for managing security policies and user authentication. To access OPC UA server management, go to OPC UA > Management in the navigation panel.

Starting and Stopping the Server

To start and stop the OPC UA server:

  1. At the top of the Management page, you will see the port that the server runs on. You also will see whether or not the server is running and two buttons on the right-hand side.

  2. Click Start to start the server. Click Reset to stop the server from running.

Security Feature Matrix

This feature matrix shows currently supported security features in OT Link Platform OPC UA. An X denotes a currently supported feature, a + sign means the feature will be coming soon to OT Link Platform.

Client Authentication Types →

Security Features ↓

Certificate Password Anonymous
Basic256 Encryption X X X
Basic128Rsa15 Encryption X X X
No Encryption Required X X X
Sign Messages X X X
Sign And Encrypt Messages X X X

Policy Management

This section allows you to enable different encryption algorithms and security modes for the OPC UA server.

What does it all mean?

Security policy encryption types:

  • Basic256Sha256: 256-Bit encryption. It supports Sha256 or stronger hash algorithms for certificates.
  • Basic256: 256-Bit encryption. It supports the Sha1 and Sha256 hash algorithms for certificates. 
  • Basic128Rsa15: 128-Bit encryption that uses RSA15 as a Key-Wrap. It supports Sha1 or stronger hash algorithms for certificates.

Each security policy has two different types of message security modes:

  • Sign: OT Link Platform will sign messages from the server to assure recipients that the sender is authentic and not an imposter.
  • SignAndEncrypt: OT Link Platform will both sign and encrypt messages from the server to prevent any attackers from readingplain text messages from the server.

Further information:

  • Encryption: Makes messages impossible to read except by authorized users.
  • 256 / 128 Bit: 128-bit is bank-grade encryption. 256-bit encryption is even stronger and is 1038 times harder to crack. The drawback to 256-bit is that it takes servers about 40% longer to encrypt.
  • Hash algorithms: These are for generating signatures. They assure message recipients that the sender is authentic.
  • Key-Wrap: An extra layer of encryption for sending messages on insecure networks or for storing messages for extended periods.

Basic256 and Basic128Rs1 are deprecated in OPC UA specification versions 1.04 and later because Sha1 is not considered secure anymore.

Refer to the OPC Foundation’s documentation for further details on encryption methods.

Authentication Management

OT Link Platform OPC UA server supports Anonymous, Certificate, and Password user identity tokens for authentication. You can enable multiple identity types and choose security policies for them in this section.

Choosing security policies for identity tokens ensures that the server will encrypt authentication messages.

Identity token descriptions:

  • Anonymous: The server will not have user information and will not be able to identify them.
  • Certificate: The server can identify users by security certificates generated by hash algorithms.
  • Password: The server can identify users by their password.

User Management

You can manage OPC UA server users in this section**.

To add a user**:

  1. In the navigation panel, go to OPCUA > Security.
  2. Click .

  3. Enter a username. Click Save.

  4. Click the Password to copy it. Click Close.

To update user details, reset a user password, or remove a user:

  1. Click the actions button on the right to open the Edit, Reset Password, and Remove User options.

    Currently, you will not see a confirmation when clicking Reset Password or Remove User. These actions happen immediately when you click them.

  2. Click Edit to open a new window. Here you can change the username and disable the user.

  3. Click Save. Click Cancel to exit out of this window.