UaGateway  1.4.9.376
HowTo: Add and Connect to an Underlying UA Server

This HowTo describes how to add and connect to a remote UA Server from UaGateway using Security Policy Basic256Sha256 with Message Security Mode Sign & Encrypt.

To add and connect a UA Server to the UaGateway, start the Configuration Tool: Right click on the Notification Area Icon and select “Configure UaGateway” from the context menu.

Select “OPC UA Servers” in the DevicesAddress Space window" on the left. A tab listing all configured UA servers (in our case none) will appear in the main window. Click on “Add Server...” to add a connection to a UA Server.

config_add_ua_server_1.png
Add UA Server 1

A dialog allowing to configure a new UA Server window will open.

config_add_ua_server_2.png
Add UA Server 2

To find the remote UA Server, you can browse the network and discover individual computers, or double click on “Double click to Add Server...” and enter the remote address of the UA Server to the input field in the following form (either IP address or hostname can be used):

  • opc.tcp://<Hostname>:<Port>
  • opc.tcp://<IP Address>:<Port>

Expand the tree to show the endpoints provided by the server. We pick “Basic256Sha256 - Sign & Encrypt” to use the highest available security setting. By pressing the button “Add & Close”, a secure connection to this UA Server will be added to the configuration of UaGateway.

config_add_ua_server_4.png
Add UA Server 4

Select the newly added server in the Devices Address Space Window to display the connection status in the main window. Note that the status is “Lost connection, trying reconnect”. As we intend to connect to a secure endpoint, the communication partners have to trust each other’s certificates. The server does’t trust UaGateway yet, so the connection is refused.

config_add_ua_server_5.png
Add UA Server 5

To establish a secure connection, a server administrator has to move UaGateway’s application instance certificate to the server’s trust list. How this can be done depends on the server. In case of Unified Automation’s C++ Demo Server running on Windows 7, move the certificate file from the folder ProgramData/unifiedautomation/UaCPPServer/pkiserver/rejected to ProgramData/unifiedautomation/UaCPPServer/pkiserver/trusted/certs.

As soon as the certificate is trusted, the connection will automatically be established with the next connection attempt of UaGateway.

If the server status is not updated automatically, you can check if the connection has been established by right clicking on the server in the Devices Address Space window and selecting “Rebrowse” from the context menu.

config_add_ua_server_6.png
Add UA Server 6

The connection status of the server should now show “Connected”.

config_add_ua_server_7.png
Add UA Server 7