1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 <2023> 2024 | Index | 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 <2023> 2024 |
<== Date ==> | <== Thread ==> |
---|
Subject: | How do I setEPICS opc UA security Settings? |
From: | 谭映雷 via Tech-talk <tech-talk at aps.anl.gov> |
To: | tech-talk at aps.anl.gov |
Date: | Wed, 29 Mar 2023 20:49:20 +0800 (GMT+08:00) |
How do I setEPICS opc UA security Settings?
Hi:
How do I setEPICS opc UA security Settings?
When I set up the EPICS OPC UA client, the server did not receive the reject (.der) file, but I did receive certificates from the server.
Here's how I set it up.
picsEnvSet("IOC","iocS7-1500")
epicsEnvSet("TOP","/root/epics-opcua/binaryOpcuaIoc")
epicsEnvSet("OPCUA","/root/epics-opcua/binaryOpcuaIoc/..")
epicsEnvSet("EPICS_BASE","/root/epics-opcua/base-7.0.6.1")
cd "/root/epics-opcua/binaryOpcuaIoc"
## Register all support components
dbLoadDatabase "dbd/opcuaIoc.dbd"
opcuaIoc_registerRecordDeviceDriver pdbbase
## Pretty minimal setup: one session with a 200ms subscription on top
opcuaSession OPC1 opc.tcp://192.168.0.11:4853
opcuaSubscription SUB1 OPC1 200
# Switch off security
# opcuaOptions OPC1 sec-mode=None
opcuaOptions OPC1 sec-mode=best
opcuaSetupPKI /root/epics-opcua/pki
#opcuaClientCertificate /root/epics-opcua/pki /root/epics-opcua/pki
opcuaSaveRejected /root/epics-opcua/pki1
## Load the databases for one of the examples
## Siemens S7-1500 PLC
#dbLoadRecords "db/S7-1500-server.db", "P=OPC:,R=,SESS=OPC1,SUBS=SUB1"
dbLoadRecords "db/S7-1500-DB1.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
#dbLoadRecords "db/my.db", "P=OPC:,R=DB1:,SESS=OPC1,SUBS=SUB1"
iocInit
Starting iocInit
############################################################################
## EPICS R7.0.6.1
## Rev. 2023-03-21T05:11+0800
############################################################################
OPC UA Client Device Support 0.9.4 (-); using Unified Automation C++ Client SDK v1.5.5-355
iocRun: All initialization complete
OPC UA: Autoconnecting sessions
OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA session OPC1: connect service failed with status BadCertificateUntrusted
## Start any sequence programs
#seq sncopcuaIoc,"user=ralph"
epics> OPC UA Session OPC1: configured client certificate is not valid (expired?)
OPC UA Session OPC1: configured client certificate is not valid (expired?)
What should I do to create a client certificate? Should the client certificate be copied to the server?
Any suggestions/solution approaches are welcome.
Best Regards,
yinglei Tan
--
谭映雷
中国科学院高能物理研究所
电话:010-88235426
--
谭映雷 中国科学院高能物理研究所 电话:010-88235426