Connecting To Kepware OPCUA Server
Configuring Kepware
Enable OPCUA For a Project
In the configuration application go to the “Project” pane and right click the project you wish to enable OPCUA on
Select “ Properties”
Under “Property Groups” select OPC UA
On the right side change the “Enable” property to true
OPCUA Configuration APP
Open up the Kepware Administration application by right clicking on the Kepware icon in the system try.
Select “OPC UA Configuration“
This will this will open the OPCUA Configuration Manager. This is where you can
Enable/Disable Endpoints
Configure security policies
Configure Port numbers
Trust client certs.
Configuring the Fuuz Device Gateway
- Install the Gateway by following these steps
- Select the “Plugins” tab on the left side of the device gateway
- Select the OPCUA Client driver.
- press the download button
- Create and Configure a new Device
Troubleshooting
OPCUA Device wont show up in the gateway admin site on the local server and keeps throwing a redux error.
OpenSSL is required for the OPCUA device to generate certs. Even if the OPCUA server is configured to have no security the gateway device will still need to generate certs to act as its identity when talking to the server.
The gateway attempts to download openssl at the time of device creation. If that download is blocked, then the gateway will get hung up when trying to first initialize device as it will have no way to create the certs it uses to identify itself to the OPCUA server.
If you have an empty OpenSSL folder after attempting to create an OPCUA Client Device you will need to download the openssl files and place them at C:\Program Files\Fuuz Device Gateway\OpenSSL
The files can be downloaded at https://indy.fulgan.com/SSL/openssl-1.0.2t-x64_86-win64.zip
Expired Certificates.
OPCUA uses certificates as a means for clients and the server to state their identity to each other.
The OPCUA Device Gateway driver will automatically generate its own identity certificate as well as pull Kepware's identity certificate. By default these are all stored at C:\\Fuuz Device Gateway\opcua\<deviceId>\. This location can be changed in the device setting if you do not have access to write files to the default location.
Kepware Certificate
You can view the expiration date of the Kepware cert in the “OPC UA Configuration Manager” by going to the “Instance Certificates” tab and clicking “View server certificate…”. From this tab you can “Reissue” a new cert if your current cert is expired.
This can have implication on connections that are using the old cert.
When the the Kepware cert is reissued you will need to delete the cert out of the “trusted” folder from the Devices certificates(path mentioned above). This will cause the device to re pull the cert from the server in its device configuration.
If you delete the entire folder and not just the “trusted” folder inside of it the device will recreate the folder, pull the cert from the server, and reissue new certs for itself. This will require that trust be re granted to the device in Kepware.
Fuuz Device Certificate
To view the Device certs you will need to use a tool like openssl to decode the x509 pem data in either the default or the overridden location for the device certs. The command below in the folder of the cert should display all of the certificate data
To generated new certs for the Device, delete the “own” folder out of the Device's cert folder. This will force the device to generate new certs for itself and send it to the server. Because these are new certs from the Device, Kepware will see this as a new device. This will require you to re grant trust in the “OPC UA Configuration Manager” by going to the “Trusted Clients“ tab.
By default the kepware certificates have a lifetime of 3 years.
Related Articles
Connecting a CRM with your ERP using Fuuz
This how to section is designed to help you understand basic principles behind connecting enterprise systems like CRM and your ERP. We use the Data Flow designer, with some templates, to help drive this process. Please note, this is an older video, ...Connecting a Vending Machine to your ERP system using Fuuz
In this video - one of our engineers shows you step by step, how you can connect a shop floor vending machine using the Fuuz Platform to your Cloud based ERP. In this use case, we showcase, connecting Plex with our shop floor vending machines to ...Connecting to Fuuz from a remote system to execute a Fuuz API
In this video we walk through the steps to use either native or APIs you've built in the Fuuz platform. Note that you can create saved GraphQL queries, Web Flows, Edge flows and more that are automatically accessible to you as an API end point on the ...Connecting to Fuuz from a remote system to execute a Fuuz API - Extended Features Part 2
In this video we walk through the steps to use either native or APIs you've built in the Fuuz platform. Note that you can create saved GraphQL queries, Web Flows, Edge flows and more that are automatically accessible to you as an API end point on the ...How to connect OPC/UA simulator to the Fuuz Gateway
Using an OPC/UA simulator can be a useful way to familiarize yourself with the connection settings of The Fuuz Gateway application. With the simulator, you can simulate the behavior of an OPC/UA server and connect it to The Fuuz Gateway to see how it ...