Experimental Physics and Industrial Control System
|
How do I setEPICS opc UA security Settings?
Hi:
How do I setEPICS opc UA security Settings?
When I set up the EPICS OPC UA client, the server did not receive the reject (.der) file, but I did receive certificates from the server.
Here's how I set it up.
picsEnvSet("IOC","iocS7-1500")
epicsEnvSet("TOP","/root/epics-opcua/binaryOpcuaIoc")
epicsEnvSet("OPCUA","/root/epics-opcua/binaryOpcuaIoc/..")
epicsEnvSet("EPICS_BASE","/root/epics-opcua/base-7.0.6.1")
cd "/root/epics-opcua/binaryOpcuaIoc"
## Register all support components
dbLoadDatabase "dbd/opcuaIoc.dbd"
opcuaIoc_registerRecordDeviceDriver pdbbase
## Pretty minimal setup: one session with a 200ms subscription on top
opcuaSession OPC1 opc.tcp://192.168.0.11:4853
opcuaSubscription SUB1 OPC1 200
# Switch off security
# opcuaOptions OPC1 sec-mode=None
opcuaOptions OPC1 sec-mode=best
opcuaSetupPKI /root/epics-opcua/pki
#opcuaClientCertificate /root/epics-opcua/pki /root/epics-opcua/pki
opcuaSaveRejected /root/epics-opcua/pki1
## Load the databases for one of the examples
## Siemens S7-1500 PLC
#dbLoadRecords "db/S7-1500-server.db", "P=OPC:,R=,SESS=OPC1,SUBS=SUB1"
dbLoadRecords "db/S7-1500-DB1.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
#dbLoadRecords "db/my.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
iocInit
Starting iocInit
############################################################################
## EPICS R7.0.6.1
## Rev. 2023-03-21T05:11+0800
############################################################################
OPC UA Client Device Support 0.9.4 (-); using Unified Automation C++ Client SDK v1.5.5-355
iocRun: All initialization complete
OPC UA: Autoconnecting sessions
OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA session OPC1: connect service failed with status BadCertificateUntrusted
## Start any sequence programs
#seq sncopcuaIoc,"user=ralph"
epics> OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA Session OPC1: configured client certificate is not valid (expired?)
What should I do to create a client certificate? Should the client certificate be copied to the server?
Any suggestions/solution approaches are welcome.
Best Regards,
yinglei Tan
--
谭映雷
中国科学院高能物理研究所
电话:010-88235426
--
谭映雷
中国科学院高能物理研究所
电话:010-88235426
- Replies:
- Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk
- Navigate by Date:
- Prev:
Re: Keithley DMM6500 Henrique Silva via Tech-talk
- Next:
RE: areadetector on windows, xml2 done, now Lightfield Freddie Akeroyd - STFC UKRI via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
- Navigate by Thread:
- Prev:
Re: Keithley DMM6500 Henrique Silva via Tech-talk
- Next:
Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
<2023>
2024
|
ANJ, 29 Mar 2023 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|