UaGDS  1.0.0
Push configuration for servers


Servers with Push functionality can be managed automatically by UaGDS.

The initial registration of the server application is done with the UaGDS Configuration Tool. The necessary information can be provided by a server through discovery. After the registration, the application is configured for Push in the UaGDS. The initial signed certificate and the trust list is pushed by the UaGDS to the server.

The Push by UaGDS requires security admin rights for the UaGDS on the managed server.

The following updates of the trust list and of the certificate are automatically pushed by UaGDS if needed.

Push Configuration with C++ SDK Demo Server

C++ SDK Demo Server is part of the C++ based OPC UA Client Server PubSub SDK bundle but is also available as stand-alone setup.

The server must be started to get the registration information from the server.

Step 1: Start registration

In the Application Configuration tab the registration can be stared with double click on <Add Server with PUSH Model>. The Registered Applications toolbar also contains a button to start the registration.

Application Configuration

Step 2: Select server for registration

Enter the URL of the OPC UA server with double click to <Double click to Add Server...>. The C++ demo server is using 48010 as default port. For a local installation use opc.tcp://localhost:48010. Make sure the server console application is started.

Expand the server and select one of the secure endpoints.

The server registration information is filled in from the server endpoint description.
If the server is not available online, the information can be entered manually.

Server selection for GDS Push

Step 3: Configure Push

The GDS needs a user with SecurityAdmin role to Push the initial certificate and updates of trust lists and certificates.

One SecurityAdmin user on the demo server is the user root with password secret.

The Update Duration is used by the GDS as time in milliseconds between re-tries if the Push fails.

GDS Push Settings

Step 4: Trust GDS server

If the server provides a provisioning mode, the GDS is able to complete the initial Push of the signed server certificate.

In the provisioning mode, the server accepts secure connections from any client as long as the trust list is empty. The Push will populate the trust list and therefore end the provisioning mode.

Products like the OPC UA server for Siemens S7-1500 provide a provisioning mode. See the product documentation on how to activate the provisioning mode.

The GDS Status tab shows the status of the applications and indicates if the certificate Push succeeded.

GDS Status

If a provisioning mode is not supported, the GDS certificate must be trusted by the server to allow the initial Push.

The C++ SDK demo server provides the administration tool UA Admin Dialog. In the Certificate tab, the GDS certificate can be trusted with a right mouse click on the GDS certificate

GDS Status

Step 5: Test secure connection with UaExpert

If UaExpert and C++ SDK Demo server have both certificates signed by the GDS, a secure connection establishment must work without any additional configuration.

UaExpert provides GDS discovery for the GDS server with which UaExpert is registered.

Open Add Server dialog in UaExpert and browse to Global Discovery Server, the configured GDS and select a secure endpoint of the C++ SDK demo server.

If the configuration was successful, the connection establishment works without any additional configuration (no additional server side trust needed).

GDS Discovery with UaExpert