OPC UA Server End Point URL Security Extension

When configuring OPC UA Network settings within FrameWorX, users can utilize a URL extension to provide intended security properties.

The URL of an OPC UA server is typically shown like this:

opc.tcp://localhost:61210/UA/SampleServer - [SignAndEncrypt:Basic128Rsa15:Binary]

This is how it appears from the data browser. Note that it is different from a regular URL that one would use in a web browser. It contains an extension, such as “- [SignAndEncrypt:Basic128Rsa15:Binary]”, for instance.

This extension consists of three (3) fields, separated by colons, which contain:

  • Security Policy

  • Encryption Algorithm

  • Data Encoding

OPC UA Server End Point URI Security Extension

If this extension is NOT used, this information is not specified, so the URL would be only: “opc.tcp://localhost:61210/UA/SampleServer”.

In this instance, the default endpoint is chosen. The default endpoint is the first in the list and it should be the most secure one.

This URL extension method was introduced as part of the OPC UA specification, so that security, etc. becomes part of the URL, not requiring any additional, separate setting.

See Also:

OPC_UA_Network

Network Settings

FrameWorX Server