You are here: Start » Technical Issues » Communicating over OPC UA
Communicating over OPC UA
Aurora Vision Studio provides a simple implementation of a OPC UA client, supporting client-server mode communication, allowing to establish connection(s) with OPC UA compatible servers over the OPC TCP binary protocol, allowing to read and write values of variable nodes in the server address space.
Working with OPC UA
The functionality is provided by the filters from the OPC UA category.
First, optionally, if a secure connection is required by the application (message encryption, signing, identity verification), the OPCUAClient_SetupSecurityCertificates filter needs to be invoked to set up the security configuration and certificates environment.
Next, the OPCUAClient_Connect must be invoked to establish a connection with a OPC UA server. Multiple connection filters can be invoked in the same application to establish connections with multiple server endpoints at the same time.
After establishing the connection with a server the filters from OPCUAClient_ReadValue and OPCUAClient_WriteValue groups can be used to respectively read a value from a server variable and write a value to a server variable. The read and write filter variants needs to be picked according to the type of the accessed variable. The table below shows which filters can be used to access given OPC UA variable data types:
The filters in the table above can also work with OPC UA data types derived from the basic types they support.
For the information on how to send images to the OPC UA server see the description of the OPCUAClient_WriteByteBufferValue filter.
When finishing the work with the OPC UA server the OPCUAClient_Close filter can be used to terminate the connection.
OPC UA Server Browser and Application Certificate
The OPC UA Server Browser simplifies the process of browsing nodes within the server's address space. This functionality can be accessed directly through the "3 dots" icon located in the inNode input field of filters from the following groups: OPCUAClient_ReadValue and OPCUAClient_WriteValue.
The Server Browser also offers tools to manage certificates:
- Open Browser Certificate Directory
- Save Local Browser Certificate As ...
- Generate Application Certificate ...
Creating the Application Certificate
Certificates and keys are foundational components of secure communication and identity verification in networked applications. This section outlines the correct configuration and usage of certificates for applications developed in Aurora Vision Studio.
The certificate is a public element; other nodes in the network also receive it and use it to verify the application's identity. The key, as the name suggests, is a private element. Only the application possesses it, and it is used for signing operations, thereby proving the application's identity.
When generating a certificate for an application, a pair is created: certificate + key. These two elements correspond to the inputs inApplicationCertificate and inPrivateKey of the OPCUAClient_SetupSecurityCertificates filter. For example, when using a certificate generation tool within the OPC UA Server Browser:
The output will consist of two files, which should be specified as the inputs mentioned above.
Certificates from PLC
The inputs inApplicationURI, inApplicationCertificate, and inPrivateKey of the OPCUAClient_SetupSecurityCertificates filter pertain to the application certificate to facilitate its identification by other nodes in the network.
The PLC's certificate file should be uploaded to the trusted certificates folder, and the path to this folder must be provided as the input inTrustedCertStore.
Similarly, the generated public certificate of the application (the one specified by the input inApplicationCertificate) should either be uploaded to the PLC as trusted or signed with an issuer certificate that is trusted by the PLC.
| Previous: Communication with Modbus TCP devices | Next: Working with Hilscher device as a profinet slave |
