Best Practices for Configuring the OPC UA Application

The following list contains the best practices and recommendations that you can follow when configuring the OPC UA application configuration file.

Security

Always set AutoAcceptUntrustedCertificates to false in production.
Use the SignAndEncrypt_3 security mode.
Reject SHA-1 certificates.
Use minimum 2048-bit RSA keys.
Use 256-bit or higher for ECC certificates.
Regularly update trust lists.
Enable certificate revocation checking.

Performance

Tune operation limits based on use case.
Use appropriate message and buffer sizes.
Configure realistic timeouts.
Use subscriptions for real-time data.
Implement data paging for large datasets.

Reliability

Configure appropriate session timeouts.
Set reasonable channel lifetimes.
Implement error handling for certificate issues.
Monitor rejected certificate store.
Enable trace logging for diagnostics.

Maintenance

Use environment variables for portable paths.
Document custom configuration changes.
Version control configuration files.
Test configuration changes in development first.
Regular security audits.

Copyright © 2026 Mitsubishi Electric Iconics Digital Solutions, Inc. - Version 11 Update 3 - Updated 2/27/2026