This HowTo describes how to add and connect to a remote UA Server from UaGateway using Security Policy Basic128Rsa15 with Message Security Mode Sign & Encrypt.

To add and connect a UA Server to the UaGateway, just start the Configuration Tool of the UaGateway (by right clicking on the Notification Area Icon).

Locate the Devices Address Space window on the left side of the Configuration Tool and click on “OPC UA Servers”.

In the main window the configuration for UA Servers will appear. Just click on “Add Server...” to add a connection to a new UA Server.

A dialog window will appear where all needed information about the target UA Server has to be configured.

To find the remote UA Server, you can browse the network and discover individual computers, or you just double click on “Double click to Add Server...” and enter the remote address of the targeted UA Server into the input field of the pop-up window. This can be done in different ways:

opc.tcp://<Hostname>:<Port>
opc.tcp://<IP Address>:<Port>

Expand the tree and select the secure endpoint “Basic128Rsa15 - Sign & Encrypt”. By pressing the button “Add & Close” a secure connection to this UA Server will be added to the UaGateway configuration. If the remote server supports user name/password authentication, it is possible to to configure it by selecting Username/Password.

When selecting the newly added UA Server in the Devices Address Space Window the UA Server’s detailed connection status will be displayed. As this connection is a secure connection, the remote UA Server is not connected immediately. Typically it will reject the connect attempt because the UAGateway’s certificate is not trusted yet.

To establish the secure connection, locate the certificate store of the remote UA Server and trust the UaGateway’s client certificate.

Example using the Unified Automation Demo Server:
The certificate is typically located in the folder APPDATA%/UnifiedAutomation/UaDemoServer/PKI/CA/rejected. To trust the certificate, move the respective file to the folder APPDATA%/UnifiedAutomation/UaDemoServer/PKI/CA/certs.

As soon as the certificate is trusted, the connection will automatically be established with the next connect attempt of UaGateway.

If the server status is not updated automatically, you can check if the connection has been established, by right clicking on the server in the Devices Address Space window and clicking “Rebrowse”.

The connection status of the server should now show “Connected”.