Connecting To Kepware OPCUA Server

Connecting To Kepware OPCUA Server

Configuring Kepware

Enable OPCUA For a Project
  • In the configuration application go to the “Project” pane and right click the project you wish to enable OPCUA on

  • Select “ Properties”

  • Under “Property Groups” select OPC UA

  • On the right side change the “Enable” property to trueimage-20240923-210707.png

 

image-20240923-210710.png
Configuration Application showing the projects pane.

 

 

image-20240923-210906.png
Property editor showing OPCUA

 

OPCUA Configuration APP
  • Open up the Kepware Administration application by right clicking on the Kepware icon in the system try.

  • Select “OPC UA Configuration“

  • This will this will open the OPCUA Configuration Manager. This is where you can

    • Enable/Disable Endpoints

    • Configure security policies

    • Configure Port numbers

    • Trust client certs.

 

image-20240923-211331.png
Kepware icon in system tray

 

image-20240923-211953.png
Kepware OPCUA Configuration Manager

 

Configuring the Fuuz Device Gateway
  1. Install the Gateway by following these steps 

  • Select the “Plugins” tab on the left side of the device gateway
  • Select the OPCUA Client driver.
  • press the download button
  • Create and Configure a new Device 

 

image-20240923-213414.png
Plugins Tab
image-20240923-214212.png

 

 

Troubleshooting

OPCUA Device wont show up in the gateway admin site on the local server and keeps throwing a redux error.

OpenSSL is required for the OPCUA device to generate certs. Even if the OPCUA server is configured to have no security the gateway device will still need to generate certs to act as its identity when talking to the server.

The gateway attempts to download openssl at the time of device creation. If that download is blocked, then the gateway will get hung up when trying to first initialize device as it will have no way to create the certs it uses to identify itself to the OPCUA server.

If you have an empty OpenSSL folder after attempting to create an OPCUA Client Device you will need to download the openssl files and place them at C:\Program Files\Fuuz Device Gateway\OpenSSL

The files can be downloaded at https://indy.fulgan.com/SSL/openssl-1.0.2t-x64_86-win64.zip

 

image-20240923-220619.png
A populated openssl folder

 

Expired Certificates.

OPCUA uses certificates as a means for clients and the server to state their identity to each other.

The OPCUA Device Gateway driver will automatically generate its own identity certificate as well as pull Kepware's identity certificate. By default these are all stored at C:\\Fuuz Device Gateway\opcua\<deviceId>\. This location can be changed in the device setting if you do not have access to write files to the default location.

image-20250507-172220.png

 

Kepware Certificate

You can view the expiration date of the Kepware cert in the “OPC UA Configuration Manager” by going to the “Instance Certificates” tab and clicking “View server certificate…”. From this tab you can “Reissue” a new cert if your current cert is expired.

This can have implication on connections that are using the old cert.

When the the Kepware cert is reissued you will need to delete the cert out of the “trusted” folder from the Devices certificates(path mentioned above). This will cause the device to re pull the cert from the server in its device configuration.

If you delete the entire folder and not just the “trusted” folder inside of it the device will recreate the folder, pull the cert from the server, and reissue new certs for itself. This will require that trust be re granted to the device in Kepware.

Fuuz Device Certificate

To view the Device certs you will need to use a tool like openssl to decode the x509 pem data in either the default or the overridden location for the device certs. The command below in the folder of the cert should display all of the certificate data

1
openssl x509 -in name_of_cert.pem -noout -text

To generated new certs for the Device, delete the “own” folder out of the Device's cert folder. This will force the device to generate new certs for itself and send it to the server. Because these are new certs from the Device, Kepware will see this as a new device. This will require you to re grant trust in the “OPC UA Configuration Manager” by going to the “Trusted Clients“ tab.

By default the kepware certificates have a lifetime of 3 years.

    • Related Articles

    • OPCUA Client

      What is an OPCUA Client? An OPC UA (OPC Unified Architecture) client is a software application or component that initiates communication with OPC UA servers to retrieve data, exchange information, or interact with industrial automation and control ...
    • HTTP Server

      What is an HTTP Server? An HTTP server, often referred to as a web server, is a software application or hardware device that serves and delivers web content, such as web pages, images, files, and other resources, to clients over the World Wide Web. ...
    • TCP Server

      What is a TCP Server? A TCP server is a software application or component that listens for incoming network connections from clients using the Transmission Control Protocol (TCP) and provides services or resources to those clients. TCP is one of the ...
    • Gateway Driver Installation

      A feature of the Fuuz Gateway is now that you can install various drivers for your devices as you need them. This reduces the overall size and complexity of the application running as well as provides extensibility to our customers and alliance ...
    • How to connect OPC/UA simulator to the Fuuz Gateway

      Using an OPC/UA simulator can be a useful way to familiarize yourself with the connection settings of The Fuuz Gateway application. With the simulator, you can simulate the behavior of an OPC/UA server and connect it to The Fuuz Gateway to see how it ...