EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <20232024  Index 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <20232024 
<== Date ==> <== Thread ==>
Subject: How do I setEPICS opc UA security Settings?
From: 谭映雷 via Tech-talk <tech-talk at aps.anl.gov>
To: tech-talk at aps.anl.gov
Date: Wed, 29 Mar 2023 20:49:20 +0800 (GMT+08:00)



How do I setEPICS opc UA security Settings?

Hi:
How do I setEPICS  opc UA security Settings?

When I set up the EPICS OPC UA client, the server did not receive the reject (.der) file, but I did receive certificates from the server.

Here's how I set it up.
picsEnvSet("IOC","iocS7-1500")
epicsEnvSet("TOP","/root/epics-opcua/binaryOpcuaIoc")
epicsEnvSet("OPCUA","/root/epics-opcua/binaryOpcuaIoc/..")
epicsEnvSet("EPICS_BASE","/root/epics-opcua/base-7.0.6.1")
cd "/root/epics-opcua/binaryOpcuaIoc"
## Register all support components
dbLoadDatabase "dbd/opcuaIoc.dbd"
opcuaIoc_registerRecordDeviceDriver pdbbase
## Pretty minimal setup: one session with a 200ms subscription on top
opcuaSession OPC1 opc.tcp://192.168.0.11:4853
opcuaSubscription SUB1 OPC1 200
# Switch off security
# opcuaOptions OPC1 sec-mode=None
opcuaOptions OPC1 sec-mode=best
opcuaSetupPKI /root/epics-opcua/pki
#opcuaClientCertificate /root/epics-opcua/pki /root/epics-opcua/pki
opcuaSaveRejected  /root/epics-opcua/pki1
## Load the databases for one of the examples
## Siemens S7-1500 PLC
#dbLoadRecords "db/S7-1500-server.db", "P=OPC:,R=,SESS=OPC1,SUBS=SUB1"
dbLoadRecords "db/S7-1500-DB1.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
#dbLoadRecords "db/my.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
iocInit
Starting iocInit
############################################################################
## EPICS R7.0.6.1
## Rev. 2023-03-21T05:11+0800
############################################################################
OPC UA Client Device Support 0.9.4 (-); using Unified Automation C++ Client SDK v1.5.5-355
iocRun: All initialization complete
OPC UA: Autoconnecting sessions
OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA session OPC1: connect service failed with status BadCertificateUntrusted
## Start any sequence programs
#seq sncopcuaIoc,"user=ralph"
epics> OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA Session OPC1: configured client certificate is not valid (expired?)

What should I do to create a client certificate? Should the client certificate be copied to the server?

Any suggestions/solution approaches are welcome.
Best Regards,
yinglei Tan

--
谭映雷
中国科学院高能物理研究所
电话:010-88235426
--
谭映雷 中国科学院高能物理研究所 电话:010-88235426
Replies:
Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk
Navigate by Date:
Prev: Re: Keithley DMM6500 Henrique Silva via Tech-talk
Next: RE: areadetector on windows, xml2 done, now Lightfield Freddie Akeroyd - STFC UKRI via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <20232024 
Navigate by Thread:
Prev: Re: Keithley DMM6500 Henrique Silva via Tech-talk
Next: Re: How do I setEPICS opc UA security Settings? Ralph Lange via Tech-talk
Index: 1994  1995  1996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  <20232024 
ANJ, 29 Mar 2023 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·