CDP Studio

The no-code and full-code software development tool for distributed control systems and HMI

CDP Studio Documentation

OPC UA Server Discovery Opc UA TLS Certificate Setup

OPC-UA-Adapter

OPC-UA-Adapter

The CDP OPC-UA-Adapter is a CDP module that allows remote clients to connect to running CDP applications via the OPC UA protocol, providing access to all objects and parameters of the CDP application, just like CDP by default does it via the StudioAPI protocol.

After adding an OPC-UA-Adapter to the CDP application you can use any OPC UA client (like UaExpert) or any OPC UA tool or library (like opcua-asyncio for Python) to connect and view or change any value in the system.

OPC-UA-Adapter has support for user authentication plus transport encryption and signing, so it can be used safely over insecure networks (like the Internet).

OPC-UA-Adapter is very simple to use. You only have to add the adapter to your CDP application and it is working without any configuration, with default settings.

Note: The OPC-UA-Adapter is a licensed feature. See the CDP Runtime License manual for more information.

OPC-UA-Adapter has the following configuration properties:

PropertyDescription
EndpointInterface<string>Interface name (from CDP Application configuration) for the adapter to listen on. Set empty to listen on all interfaces. Defaults to ETH0.
EndpointPort<unsigned short>TCP port for the adapter to listen on. Defaults to 4840.
SecurityMode<string>OPC UA message security mode to use. Choose between:
  • None - no security (adapter default setting)
  • Sign - all messages are digitally signed but not encrypted
  • Sign&Encrypt - all messages are digitally signed and encrypted (best security)
SecurityPolicy<string>OPC UA security policy to use, when SecurityMode other than None is selected. Choose between:
  • Basic256Sha256 - best and recommended security policy currently available (adapter default setting). Policy is described in detail at http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256
  • Basic256 - this policy is no longer considered as secure and therefore should only be used in rare circumstances, when client does not support Basic256Sha256. Policy is described in detail at http://opcfoundation.org/UA/SecurityPolicy#Basic256
  • Basic128Rsa15 - this policy is no longer considered as secure and therefore should only be used in rare circumstances, when client does not support Basic256Sha256. Policy is described in detail at http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
TLSServerCertFile<string>Adapter TLS key certificate file name. Must be filled when SecurityMode other than None is selected. See also OPC UA TLS certificate setup.
TLSServerKeyFile<string>Adapter TLS key file name. Must be filled when SecurityMode other than None is selected. See also OPC UA TLS certificate setup.
TLSAllowURIMismatch<bool>Can be set to true to allow connection from clients with TLS certificates that do not match with their application URI. See also OPC UA TLS certificate setup.
AnonymousAccessLevel<string>Access level flags for clients logging in without credentials (using anonymous mode). The following OPC UA access flags can be set:
  • R - Allow read access for anonymous clients
  • W - Allow write access for anonymous clients
  • h - Allow history read access for anonymous clients
  • H - Allow history write access for anonymous clients
  • C - Allow semantic change for anonymous clients
  • s - Allow status write for anonymous clients
  • T - Allow timestamp write for anonymous clients
EndpointAppURI<string>OPC UA namespace URI for the application. If left empty, adapter component full name is used.
EndpointAppName<string>Description for the application to be advertised. If left empty, CDP component name is used.

An unlimited number of AllowedClient sub-elements can be added to OPC-UA-Adapter to configure allowed clients and their credentials. Each AllowedClient has the following configuration properties:

PropertyDescription
Name<string>OPC UA client username
Password<string>OPC UA client password
TLSClientCertFile<string>OPC UA client TLS certificate to use for authentication. Can be left empty if SecurityMode None is used.
AccessLevel<string>Access level flags for this OPC UA client. The following OPC UA access flags can be set:
  • R - Allow read access for this client
  • W - Allow write access for this client
  • h - Allow history read access for this client
  • H - Allow history write access for this client
  • C - Allow semantic change for this client
  • s - Allow status write for this client
  • T - Allow timestamp write for this client

Note: For strongest authentication use AllowedClients that have both password and certificate authentication.

Adapter state can be observed at runtime via these read-only properties:

EndpointURL<string>Endpoint URL. Is automatically composed from protocol, listen ip and port.
EndpointProtocol<string>OPC UA protocol to use. Currently only opc.tcp (binary) protocol is supported.
CurrentState<string>State of the adapter. Can be Online or Offline. When a problem is detected at startup, the adapter is offline.

See also OPC-UA-Adapter Setup Guide

OPC UA Server Discovery Opc UA TLS Certificate Setup

The content of this document is confidential information not to be published without the consent of CDP Technologies AS.

CDP Technologies AS, www.cdpstudio.com

Get started with CDP Studio today

Let us help you take your great ideas and turn them into the products your customer will love.

Try CDP Studio for free
Why CDP Studio?