UA Server SDK C++ Bundle  1.4.3.291
Server Configuration

The Unified Automation C++ Server SDK provides different options for server configuration.

The figure Options for product specific configuration gives an overview of the SDK classes designed for this purpose.

The SDK provides the following classes:

ServerConfig

The class ServerConfig is the interface used by the SDK to access product specific configuration settings.

ServerConfigData

The class ServerConfigData implements the interface ServerConfig and provides configuration settings through the settings stored in the member variables of the class.

ServerConfigXml

The class ServerConfigXml loads the settings from an XML file and stores them in the members of ServerConfigData.

ServerConfigIni

The class ServerConfigIni loads the settings from an INI file and stores them in the members of ServerConfigData.

These classes offer the following options for integrating product specific configuration settings.

Option 1

A product specific XML configuration file is loaded by the helper class ServerConfigXml. For more information, see XML Configuration File. An example of this file is included with the SDK: [Installation Directory]/bin/ServerConfig.xml

Option 2

A product specific INI configuration file is loaded by the helper class ServerConfigIni. For more information, see INI Configuration File. An example of this file is included with the SDK: [Installation Directory]/bin/ServerConfig.ini

Option 3

The settings are loaded from an existing product configuration database and stored in ServerConfigData members. This requires the implementation of a product specific class for loading the configuration settings, which is derived from ServerConfigData.

Option 4

A product specific implementation of the ServerConfig interface accesses a product specific configuration database on every access to the interface ServerConfig.

Server Configuration Options

XML Configuration File

An XML based example configuration file can be found in [Installation Directory]/bin.

Trace

The element <Trace> stores the trace settings for the OPC UA Stack and OPC UA Application. It contains the following child elements:

Element Description Default
UaStackTraceEnabled Enable or disable the UA stack trace; possible values are true or false. false
UaStackTraceLevel The UA stack trace level; possible values are:
  • NONE: No trace
  • ERROR: Critical errors, which require attention, i.e. unexpected errors and/or errors requiring external actions
  • WARNING: Non-critical faults, which should not go unnoticed but are handled internally
  • SYSTEM: Rare major events (good cases) like initializations, shutdown, etc.
  • INFO: Regular good case events, like connects, renews
  • DEBUG: Used for debugging purposes
  • CONTENT: Used to add additional content (i.e. whole message bodies) to debug traces
  • ALL: All outputs
Default: NONE
UaAppTraceEnabled Enable or disable the UA server application trace; possible values are true or false. false
UaAppTraceLevel The UA server application trace level; possible values are:
  • NoTrace: No trace
  • Errors: Unexpected errors
  • Warning: Unexpected behaviour that is not an error
  • Info: Information about important activities, like connection establishment
  • InterfaceCall: Calls to module interfaces
  • CtorDtor: Creation and destruction of objects
  • ProgramFlow: Internal program flow
  • Data: Data
Default: NoTrace
UaAppTraceMaxEntries The maximum number of trace entries in one file 100000
UaAppTraceMaxBackup The maximum number of backup files 5
UaAppTraceFile The trace file; [ApplicationPath] can be used as a placeholder for the path to the server application, e.g. [ApplicationPath]/srvTrace.log. Set by define SERVERCONFIG_SERVERTRACEFILE
TraceEvents Setting to allow clients to get the SDK trace outputs for trace levels Errors, Warning and Info via HistoryRead for events and/or Events from the server. Possible values are:

  • Disabled
  • History
  • HistoryAndEvents

See getTraceEventSettings for more details.
Default: History

Endpoint Configuration

This part of the configuration defines the OPC UA communication endpoints for the server and their security configurations.

List of Configured Endpoints

The configuration information for each Endpoint has to be stored in a separate XML element <UaEndpoint> using the child elements described later on.

The following code gives an example for a completely configured endpoint.

<UaEndpoint>
  <SerializerType>Binary</SerializerType>
  <Url>opc.tcp://[NodeName]:48010</Url>
  <SecuritySetting>
    <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
    <MessageSecurityMode>None</MessageSecurityMode>
  </SecuritySetting>
  <SecuritySetting>
    <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256</SecurityPolicy>
    <MessageSecurityMode>Sign</MessageSecurityMode>
    <MessageSecurityMode>SignAndEncrypt</MessageSecurityMode>
  </SecuritySetting>
  <IsVisible>true</IsVisible>
  <IsDiscoveryUrl>true</IsDiscoveryUrl>
  <AutomaticallyTrustAllClientCertificates>false</AutomaticallyTrustAllClientCertificates>
  <SecurityCheckOverwrites>
    <DisableErrorCertificateTimeInvalid>false</DisableErrorCertificateTimeInvalid>
    <DisableErrorCertificateIssuerTimeInvalid>false</DisableErrorCertificateIssuerTimeInvalid>
    <DisableErrorCertificateRevocationUnknown>false</DisableErrorCertificateRevocationUnknown>
    <DisableErrorCertificateIssuerRevocationUnknown>false</DisableErrorCertificateIssuerRevocationUnknown>
    <DisableApplicationUriCheck>false</DisableApplicationUriCheck>
    <DisableNonceLengthCheck>false</DisableNonceLengthCheck>
    <DisableUserTokenPolicyIdCheck>false</DisableUserTokenPolicyIdCheck>
  </SecurityCheckOverwrites>
  <CertificateStore>
    <OpenSSLStore>
      <CertificateTrustListLocation>[ApplicationPath]/pki/trusted/certs</CertificateTrustListLocation>
      <CertificateRevocationListLocation>[ApplicationPath]/pki/trusted/crl</CertificateRevocationListLocation>
      <IssuersCertificatesLocation>[ApplicationPath]/pki/issuers/certs/</IssuersCertificatesLocation>
      <IssuersRevocationListLocation>[ApplicationPath]/pki/issuers/crl/</IssuersRevocationListLocation>
      <ServerCertificate>[ApplicationPath]/pki/own/certs/uaservercpp.der</ServerCertificate>
      <ServerPrivateKey>[ApplicationPath]/pki/own/private/uaservercpp.pem</ServerPrivateKey>
    </OpenSSLStore>
    <GenerateCertificate>true</GenerateCertificate>
    <CertificateSettings>
      <CommonName>[ServerName]</CommonName>
      <Organization>Organization</Organization>
      <OrganizationUnit>Unit</OrganizationUnit>
      <Locality>LocationName</Locality>
      <State></State>
      <Country>DE</Country>
      <YearsValidFor>5</YearsValidFor>
      <KeyLength>1024</KeyLength>
    </CertificateSettings>
  </CertificateStore>
</UaEndpoint>

Element Description Default
SerializerType The data type encoding for network transport; currently, only Binary is supported.
Url URL of the Endpoint; this URL is used for Discovery and to open the Endpoints in the UA stack if no StackUrl is configured. [NodeName] can be used as placeholder for the computer name. The following configuration alternatives are available:
  • opc.tcp://[NodeName]:48010
    For this URL, the SDK replaces [NodeName] with the host name. The stack binds to all IP addresses (on all network interfaces) of the host. If the host has a dual protocol enabled TCP/IP stack, this includes all network protocol families. If this functionality is not available, the configured preferred protocol (IPv4 or IPv6; part of the stack configuration) is used and the endpoint will only be reachable on network interfaces supporting this protocol type. The host name is returned in the discovery URL.
  • opc.tcp://MyComputer:48010
    For this URL, the stack binds to all IP addresses (on all network interfaces) of the host. If the host has a dual protocol enabled TCP/IP stack, this includes all network protocol families. If this functionality is not available, the configured preferred protocol (IPv4 or IPv6; part of the stack configuration) is used and the endpoint will only be reachable on network interfaces supporting this protocol type. The URL with the host name is returned to clients during discovery.
  • opc.tcp://192.168.0.15:48010
    For this URL, the stack binds just to the IPv4 address and the URL with the IP address is returned to clients during discovery.
  • opc.tcp://[fe80::20ec:3acb:55d9:a3da]:48010
    For this URL, the stack binds just to the IPv6 address and the URL with the IP address is returned to clients during discovery.
StackUrl Optional URL that defines a specific address the stack should bind to, e.g. opc.tcp://192.168.0.15:48010. It can be used to bind the endpoint to a specific network card or to localhost only.
SecuritySetting Each supported security setting has to be stored in a separate XML element <SecuritySetting> containing the following child elements:
  Element Description
  SecurityPolicy Possible values are #None, #Basic128Rsa15, and #Basic256 (see sample code above).
  MessageSecurityMode The possible values depend on the security policy. Set value to None with security policy #None. When using security policies #Basic128Rsa15 and #Basic256, you can choose between Sign and SignAndEncrypt. It is possible to allow Sign as well as SignAndEncrypt (by adding two MessageSecurityModes, see sample code above).
IsVisible Flag indicating if the endpoint is provided in GetEndpoints and is therefore visible to a client. true
IsDiscoveryUrl Flag indicating if the endpoint URL is provided as discovery URL. true
AutomaticallyTrustAllClientCertificates This option can be activated if certificates are only used for message security but not for application authentication. If set to true, all client certificates will be accepted automatically and will not be stored. It is strongly recommended to use this option only together with user authentication. false
SecurityCheckOverwrites Some of the OPC UA security checks are optional in OPC UA or cause interoperability issues with older OPC UA clients and can be disabled by an administrator of the OPC UA server through the following configuration options (create a separate child element for each check to enable/disable).
  Element Description Default
  DisableErrorCertificateTimeInvalid Flag used to disable the client certificate validation error BadCertificateTimeInvalid. false
  DisableErrorCertificateIssuerTimeInvalid Flag used to disable the client certificate validation error BadCertificateIssuerTimeInvalid. false
  DisableErrorCertificateRevocationUnknown Flag used to disable the client certificate validation error BadCertificateRevocationUnknown. false
  DisableErrorCertificateIssuerRevocationUnknown Flag used to disable the client certificate validation error BadCertificateIssuerRevocationUnknown. false
  DisableApplicationUriCheck Flag used to disable the ApplicationUri match check between client certificate and parameter in CreateSession. The check is required for compliant OPC UA servers but older clients may provide a wrong ApplicationUri. false
  DisableNonceLengthCheck Flag used to disable the client nonce length check in CreateSession. The check is required for compliant OPC UA servers but older clients may provide a client nonce that is shorter than the required 32 bytes. false
  DisableUserTokenPolicyIdCheck Flag used to disable the UserToken PolicyId check in ActivateSession. The check is required for compliant OPC UA servers but older clients may not provide the UserToken PolicyId. false
CertificateStore Certificate store used for PKI certificate handling; different Endpoints can have different stores and different server certificates. See the separate table for child elements.

Element CertificateStore

Element Description Default
OpenSSLStore File based certificate store used with OpenSSL; [ApplicationPath] can be used as placeholder for the application path.
Certificates have to be stored in DER format (with file extension .der).
Revocation lists have to be stored in DER format (with file extension .crl) or in PEM format (with .pem as file extension).
The private key is encoded in PEM format (with .pem as file extension).
A more detailed explanation of certificate management can be found on the website of the OPC Foundation: The OPC UA Security Model for Administrators (pdf document).
<OpenSSLStore> has the following child elements:

Element Description
CertificateTrustListLocation The folder where certificates of trusted applications and trusted CAs should be stored. Each CA requires one and only one CRL. The CRL may be empty if no certificates have been revoked yet.
CertificateRevocationListLocation The folder where revocation lists for trusted CAs should be stored.
IssuersCertificatesLocation The folder where issuer certificates are stored. Issuer certificates are CA certificates necessary for the verification of the full trust chain of CA certificates in the trust list. Each CA requires one and only one CRL. The CRL may be empty if no certificates have been revoked yet.
IssuersRevocationListLocation The folder where revocation lists for issuer CAs should be stored.
ServerCertificate The file containing the server certificate.
ServerPrivateKey The file containing the server private key.

The recommended file directory layout for the store has the following directories and subdirectories:

  • own
    • certs: ServerCertificate
    • private: ServerPrivateKey
  • trusted
    • certs: CertificateTrustListLocation
    • crl: CertificateRevocationListLocation
  • issuers
    • certs: IssuersCertificatesLocation
    • crl: IssuersRevocationListLocation

WindowsStore [ApplicationPath] can be used as placeholder for the application path.
<WindowsStore> has the following child elements:

Element Description
StoreLocation Location of the store; valid values are LocalMachine and CurrentUser.
StoreName Name of the certificate store on the local computer.
IssuersStoreName Name of the certificate store on the local computer where issuer certificates are stored. Issuer certificates are CA certificates necessary for the verification of the full trust chain of CA certificates in the trust list. If the IssuersStoreName is set, you need to make sure that the store exists; i.e. create the store and copy the issuer certificates there.
ServerCertificateThumbprint Thumbprint of the server certificate used to load from store.

GenerateCertificate Enable or disable server certificate creation if no certificate is available; possible values: true or false. false
CertificateSettings Settings for a certificate generated by the server; the information is stored in the following child elements:

Element Description Default
CommonName Name of the application; [ServerName] can be used as a placeholder for the configured server name (see Server Instance Information).
Organization Name of the organization using the OPC UA server
OrganizationUnit Name of the organization unit using the OPC UA server
Locality Name of the location where the OPC UA server is running
State State where the OPC UA server is running
Country Two letter code for country where the OPC UA server is running e.g. DE or US
YearsValidFor The number of years the certificate is valid for; the maximum accepted number is 20, but it is strongly recommended to use a shorter time interval. 5
KeyLength Key length (in bits) of the certificate to create; valid values are 1024 and 2048. 1024

Server Settings

Element Description Default
MaxRequestAge The maximum age of a request (in milliseconds) the server allows. 0 (unlimited)
MaxSessionCount The maximum number of sessions allowed by the server; 0 is unlimited. 100
MaxSessionsPerClient The maximum number of sessions the server allows per client; 0 is unlimited. 0
MinSessionTimeout The minimum timeout for a session (in milliseconds) the server allows to set; 0 is unlimited. 10000
MaxSessionTimeout The maximum timeout for a session (in milliseconds) the server allows to set; 0 is unlimited. 3600000
MaxBrowseContinuationPoints The maximum number of Browse Continuation Points managed by a session. 0 (using default settings defined by compiler switch DEFAULT_MAX_BROWSE_CP; default value: 10)
MaxBrowseResults The maximum number of Browse results for one browse operation. 0 (using default settings defined by compiler switch DEFAULT_MAX_BROWSE_RESULTS; default value: 1000)
MaxNodesToBrowse The maximum number of nodes to browse the server will accept. 0 (unlimited)
MaxNodesPerHistoryReadData The maximum number of nodes accepted by the server for the HistoryRead service for Raw, Modified, Processed, and AtTime. 0 (unlimited)
MaxNodesPerHistoryReadEvents The maximum number of nodes accepted by the server for the HistoryRead service for Events. 0 (unlimited)
MaxNodesPerHistoryUpdateData The maximum number of nodes accepted by the server for the HistoryUpdate service for Data. 0 (unlimited)
MaxNodesPerHistoryUpdateEvents The maximum number of nodes accepted by the server for the HistoryUpdate service for Events. 0 (unlimited)
MaxHistoryContinuationPoints The maximum number of History Continuation Points managed by a session. 0 (using default settings defined by compiler switch DEFAULT_MAX_HISTORY_READ_CP; default value: 100)
MinPublishingInterval The minimum publishing interval (in milliseconds) the server allows. 50
MaxPublishingInterval The maximum publishing interval (in milliseconds) the server allows. 0 (no limitation)
MinKeepAliveInterval The minimum KeepAlive interval (in milliseconds) the server allows. 5000
MinSubscriptionLifetime The minimum Subscription lifetime (in milliseconds) the server allows; 0 is no limitation. 10000
MaxSubscriptionLifetime The maximum Subscription lifetime (in milliseconds) the server allows. 0 (no limitation)
MaxRetransmissionQueueSize The maximum number of messages per Subscription in the republish queue the server allows. 10
MaxNotificationsPerPublish The maximum number of notifications per Publish the server allows. 0 (no limitation)
MaxDataQueueSize The maximum size of data monitored item queues. 100
MaxEventQueueSize The maximum size of event monitored item queues. 1000
MaxSubscriptionCount The maximum number of subscriptions the server allows to create. 0 (unlimited)
MaxSubscriptionsPerSession The maximum number of subscriptions the server allows to create per Session. 0 (unlimited)
MaxMonitoredItemCount The maximum number of monitored items the server allows to create. 0 (unlimited)
MaxMonitoredItemPerSubscriptionCount The maximum number of monitored items per subscription the server allows to create. 0 (unlimited)
MaxMonitoredItemPerSessionCount The maximum number of monitored items per session the server allows to create. 0 (unlimited)
MinSupportedSampleRate The minimum sample interval (in milliseconds) supported by the server. 0
AvailableSamplingRates The settings for the sampling engine; each sampling rate (in milliseconds) has to be stored in a separate child element, e.g. <SamplingRate>50</SamplingRate>. 50, 100, 250, 500, 1000, 2000, 5000, 10000
AvailableLocaleIds The settings for the available LocaleIds known to be supported by the server; each LocaleId has to be stored in a separate child element, e.g. <LocaleId>en</LocaleId>. en
AvailableServerProfiles The settings for the available UA profiles known to be supported by the server; each profile has to be stored in a separate child element. http://opcfoundation.org/UAProfile/Server/StandardUA
IsAuditActivated Flag indicating if audit events are activated; possible values: true or false. false
ThreadPoolSettings The settings for the thread pools used in the server application. A thread pool is a list of worker threads. The minimum size denotes the size of the thread pool at initialization. It grows dynamically until the maximum size is reached. The following child elements can be set:
  • MinSizeTransactionManager
  • MaxSizeTransactionManager
  • MinSizeSubscriptionManager
  • MaxSizeSubscriptionManager
Default: 4 (for each)
RejectedCertificatesDirectory Folder used to store rejected client certificates; e.g. [ApplicationPath]/pki/rejected. Administrators can copy files from this folder to the trust list. [ApplicationPath] can be used as a placeholder for the path to the server application.
RejectedCertificatesCount Maximum number of certificates stored in the rejected certificates directory. 100

Build Information for the Server Application

Element Description Default
ProductUri A globally unique identifier for the server product; e.g. urn:UnifiedAutomation:UaServerCpp. Set by define SERVERCONFIG_PRODUCTURI
ManufacturerName A human readable name for manufacturer of the product. Set by define SERVERCONFIG_MANUFACTURERNAME
ProductName A human readable name for the server product. Set by define SERVERCONFIG_PRODUCTNAME
SoftwareVersion A string representing the version of the server product. Set by define SERVERCONFIG_SOFTWAREVERSION
BuildNumber A string representing the build number of the server product. Set by define SERVERCONFIG_BUILDNUMBER

Server Instance Information

These elements provide server instance information defined for the server installation. [NodeName] can be used as a placeholder for the computer name.

Element Description Default
ServerUri A globally unique identifier for the server installation; e.g. urn:[NodeName]:UnifiedAutomation:UaServerCpp. Set by define SERVERCONFIG_SERVERURI
ServerName A human readable name for the server installation; e.g. UaServerCpp@[NodeName]. Set by define SERVERCONFIG_SERVERNAME

User Identity Tokens

The configuration of supported user identity tokens is stored in the element <UserIdentityTokens>. It contains the following child elements:

Element Description Default
EnableAnonymous Enable or disable anonymous log-on; possible values are true or false. true
EnableUserPw Enable or disable user/password log-on; possible values are true or false. false
EnableCertificate Enable or disable certificate based user log-on; possible values are true or false. false
EnableKerberosTicket Enable or disable log-on with kerberos ticket; possible values are true or false. false
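
The following audit script is an added example, not part of the SDK or its documentation. It reads a configuration file, walks every <UaEndpoint> and reports the settings that the tables above describe as weakening security, including the combination of AutomaticallyTrustAllClientCertificates with anonymous log-on. The <Config> root element, the function names and the two policy thresholds are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample built from the element names documented on this page.
# The <Config> root is a hypothetical wrapper; the auditor does not depend on it.
SAMPLE = """<Config>
  <UaEndpoint>
    <Url>opc.tcp://[NodeName]:48010</Url>
    <SecuritySetting>
      <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#None</SecurityPolicy>
      <MessageSecurityMode>None</MessageSecurityMode>
    </SecuritySetting>
    <SecuritySetting>
      <SecurityPolicy>http://opcfoundation.org/UA/SecurityPolicy#Basic256</SecurityPolicy>
      <MessageSecurityMode>Sign</MessageSecurityMode>
      <MessageSecurityMode>SignAndEncrypt</MessageSecurityMode>
    </SecuritySetting>
    <AutomaticallyTrustAllClientCertificates>true</AutomaticallyTrustAllClientCertificates>
    <SecurityCheckOverwrites>
      <DisableErrorCertificateTimeInvalid>false</DisableErrorCertificateTimeInvalid>
      <DisableNonceLengthCheck>true</DisableNonceLengthCheck>
    </SecurityCheckOverwrites>
    <CertificateStore>
      <GenerateCertificate>true</GenerateCertificate>
      <CertificateSettings>
        <YearsValidFor>5</YearsValidFor>
        <KeyLength>1024</KeyLength>
      </CertificateSettings>
    </CertificateStore>
  </UaEndpoint>
  <UserIdentityTokens>
    <EnableAnonymous>true</EnableAnonymous>
  </UserIdentityTokens>
</Config>"""

MIN_KEY_BITS = 2048    # reviewer policy (assumption); the page lists 1024 and 2048 as valid
MAX_VALID_YEARS = 5    # reviewer policy (assumption); the page only recommends less than 20


def _local(tag):
    """Strip an XML namespace prefix, if any, from a tag name."""
    return tag.rsplit("}", 1)[-1]


def _named(parent, name):
    """All elements called `name` at or below `parent`, in document order."""
    return [e for e in parent.iter() if _local(e.tag) == name]


def _text(parent, name, default=""):
    """Text of the first element called `name`, or `default` if it is absent."""
    found = _named(parent, name)
    return (found[0].text or "").strip() if found else default


def _is_true(value):
    return value.strip().lower() == "true"


def audit(xml_text):
    """Return a list of (endpoint_url, finding) tuples."""
    root = ET.fromstring(xml_text)
    findings = []
    # Documented default for EnableAnonymous is true.
    anonymous = _is_true(_text(root, "EnableAnonymous", "true"))

    for ep in _named(root, "UaEndpoint"):
        url = _text(ep, "Url", "<no Url>")

        for setting in _named(ep, "SecuritySetting"):
            policy = _text(setting, "SecurityPolicy").rsplit("#", 1)[-1]
            modes = [(m.text or "").strip() for m in _named(setting, "MessageSecurityMode")]
            if policy == "None":
                findings.append((url, "SecurityPolicy #None: messages are neither signed nor encrypted"))
            elif "Sign" in modes:
                findings.append((url, f"#{policy} allows Sign: messages are signed but not encrypted"))

        if _is_true(_text(ep, "AutomaticallyTrustAllClientCertificates", "false")):
            findings.append((url, "AutomaticallyTrustAllClientCertificates=true: no application authentication"))
            if anonymous:
                findings.append((url, "EnableAnonymous=true as well: no user authentication either"))

        for overwrites in _named(ep, "SecurityCheckOverwrites"):
            for flag in overwrites:
                if _is_true(flag.text or ""):
                    findings.append((url, f"{_local(flag.tag)}=true: a security check is switched off"))

        # Key settings only matter when the server generates its own certificate.
        if _is_true(_text(ep, "GenerateCertificate", "false")):
            bits = int(_text(ep, "KeyLength") or "1024")       # documented default
            years = int(_text(ep, "YearsValidFor") or "5")     # documented default
            if bits < MIN_KEY_BITS:
                findings.append((url, f"KeyLength={bits}: generated key is below {MIN_KEY_BITS} bits"))
            if years > MAX_VALID_YEARS:
                findings.append((url, f"YearsValidFor={years}: longer than {MAX_VALID_YEARS} years"))
    return findings


if __name__ == "__main__":
    for url, finding in audit(SAMPLE):
        print(f"{url}: {finding}")
```
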

Discovery Registration

The configuration for the registration with discovery server(s) is stored in the element <DiscoveryRegistration>. It contains the following child elements:

Element Description Default
AutomaticCertificateExchange Flag indicating if the certificates should be exchanged with the Windows certificate store. false
DiscoveryServerTrustListLocation Path of the local discovery server trust list. This is where the server copies its certificate to if the file based store of the new LDS is used.
DiscoveryServerStoreName Store name used for the local discovery server in the Windows certificate store.
DiscoveryServerCertificateName Certificate name of the local discovery server in the Windows certificate store.
RegistrationInterval Interval (in milliseconds) for registration with discovery server(s). 30000
Url List of discovery servers to register with, typically opc.tcp://localhost:4840 (local discovery server); if the list is empty, no registration is executed. Additional remote discovery servers can be added.

Redundancy Support and Additional Server Entries

<RedundancySettings>
  <RedundancySupport>Hot</RedundancySupport>
  <ServerUri>urn:MyServer:UnifiedAutomation:RedundancySample</ServerUri>
  <ServerUri>urn:PC1:UnifiedAutomation:RedundancySample</ServerUri>
  <ServerUri>urn:PC2:UnifiedAutomation:RedundancySample</ServerUri>
</RedundancySettings>
<AdditionalServerEntries>
  <ApplicationDescription>
    <ApplicationUri>urn:PC1:UnifiedAutomation:RedundancySample</ApplicationUri>
    <ProductUri>urn:UnifiedAutomation:RedundancySample</ProductUri>
    <ApplicationName>RedundancySample@PC1</ApplicationName>
    <ApplicationType>Server</ApplicationType>
    <GatewayServerUri></GatewayServerUri>
    <DiscoveryProfileUri></DiscoveryProfileUri>
    <DiscoveryUrl>opc.tcp://PC1:48010</DiscoveryUrl>
    <DiscoveryUrl>https://PC1:48011</DiscoveryUrl>
  </ApplicationDescription>
  <ApplicationDescription>
    <ApplicationUri>urn:PC2:UnifiedAutomation:RedundancySample</ApplicationUri>
    <ProductUri>urn:UnifiedAutomation:RedundancySample</ProductUri>
    <ApplicationName>RedundancySample@PC2</ApplicationName>
    <ApplicationType>Server</ApplicationType>
    <GatewayServerUri></GatewayServerUri>
    <DiscoveryProfileUri></DiscoveryProfileUri>
    <DiscoveryUrl>opc.tcp://PC2:48010</DiscoveryUrl>
    <DiscoveryUrl>https://PC2:48011</DiscoveryUrl>
  </ApplicationDescription>
</AdditionalServerEntries>

Redundancy Settings

This element provides the redundancy settings for the server.

Element Description Default
RedundancySupport Possible redundancy support options are None, Cold, Warm, Hot and Transparent (Transparent requires a special module). None
ServerUri The list of server URIs for the servers in the NonTransparent redundant set. Add a separate child element ServerUri for each server. The server itself has to be included in the list (see sample code).

Additional Server Entries

This is required for the redundancy configuration to provide the discovery URLs for the configured ServerUris of the redundant servers in a non-transparent redundancy set. It is possible to define a list of application descriptions as child elements of <AdditionalServerEntries> as shown in the code sample. [NodeName] can be used as a placeholder for the computer name. The own server must be excluded from the list.

This can also be used to configure other servers on the same system if the server itself is running on Port 4840.

Element Description
ApplicationUri A globally unique identifier for the server product.
ProductUri A globally unique identifier for the product the server belongs to.
ApplicationName A human readable name for the server product.
ApplicationType Possible application types are Server and ClientAndServer.
GatewayServerUri A URI that identifies the Gateway Server associated with the DiscoveryUrl.
DiscoveryProfileUri A URI that identifies the discovery profile supported by the URL.
DiscoveryUrl URL for the discovery Endpoint provided by the server.

Serializer

This part of the configuration defines the OPC UA Stack serializer settings, which are stored in the element <Serializer>. Set these values carefully, as they are the security constraints for the serializer. The following child elements can be set:

Element Description Default
MaxAlloc The largest memory block the serializer may allocate when deserializing a message. Set by define OPCUA_SERIALIZER_MAXALLOC
MaxStringLength The largest string accepted by the serializer. Set by define OPCUA_ENCODER_MAXSTRINGLENGTH
MaxByteStringLength The largest byte string accepted by the serializer. Set by define OPCUA_ENCODER_MAXBYTESTRINGLENGTH
MaxArrayLength Maximum number of elements in an array accepted by the serializer. Set by define OPCUA_ENCODER_MAXARRAYLENGTH
MaxMessageSize The maximum number of bytes per message in total. Set by define OPCUA_ENCODER_MAXMESSAGELENGTH

Stack Thread Pool Settings

The element <StackThreadPoolSettings> stores the settings for the thread pool used in the OPC UA Stack. It contains the following child elements:

Element Description Default
Enabled Controls whether the secure listener uses a thread pool to dispatch received requests. false
MinThreads The minimum number of threads in the thread pool. 5
MaxThreads The maximum number of threads in the thread pool. 5
MaxJobs The length of the queue with jobs waiting for a free thread. 20
BlockOnAdd If MaxJobs is reached, the add operation can block or return an error. true
Timeout If the add operation blocks on a full job queue, this value sets the maximum waiting time (in milliseconds). 0 is infinite. infinite

INI Configuration File

An INI based example configuration file can be found in [Installation Directory]/bin.

Build Information for the Server Application

ProductUri=urn:[NodeName]:UnifiedAutomation:UaServerCpp
ManufacturerName=Unified Automation GmbH
ProductName=C++ SDK OPC UA Demo Server
SoftwareVersion=1.4.0
BuildNumber=250
Parameter Description Default
ProductUri A globally unique identifier for the server product. Set by define SERVERCONFIG_PRODUCTURI
ManufacturerName A human readable name for manufacturer of the product. Set by define SERVERCONFIG_MANUFACTURERNAME
ProductName A human readable name for the server product. Set by define SERVERCONFIG_PRODUCTNAME
SoftwareVersion A string representing the version of the server product. Set by define SERVERCONFIG_SOFTWAREVERSION
BuildNumber A string representing the build number of the server product. Set by define SERVERCONFIG_BUILDNUMBER

Server Instance Information

These parameters provide server instance information defined for the server installation. [NodeName] can be used as a placeholder for the computer name.

ServerUri=urn:[NodeName]:UnifiedAutomation:UaServerCpp
ServerName=UaServerCpp@[NodeName]
Parameter Description Default
ServerUri A globally unique identifier for the server installation. Set by define SERVERCONFIG_SERVERURI
ServerName A human readable name for the server installation. Set by define SERVERCONFIG_SERVERNAME

Trace

Here, the trace settings for the OPC UA Stack and OPC UA Application are stored. The following parameters can be set:

Trace/UaAppTraceFile=[ApplicationPath]/srvTrace.log
Trace/UaAppTraceEnabled=false
Trace/UaAppTraceLevel=Data
Trace/UaStackTraceEnabled=false
Trace/UaStackTraceLevel=ALL
Trace/UaAppTraceMaxBackup=5
Trace/UaAppTraceMaxEntries=100000
Trace/TraceEvents=History
Property Description Default
UaAppTraceFile The trace file; [ApplicationPath] can be used as a placeholder for the path to the server application. Set by define SERVERCONFIG_SERVERTRACEFILE
UaStackTraceEnabled Enable or disable the UA stack trace; possible values are true or false. false
UaStackTraceLevel The UA stack trace level; possible values are:
  • NONE: No trace
  • ERROR: Critical errors, which require attention, i.e. unexpected errors and/or errors requiring external actions
  • WARNING: Non-critical faults, which should not go unnoticed but are handled internally
  • SYSTEM: Rare major events (good cases) like initializations, shutdown, etc.
  • INFO: Regular good case events, like connects, renews
  • DEBUG: Used for debugging purposes
  • CONTENT: Used to add additional content (i.e. whole message bodies) to debug traces
  • ALL: All outputs
Default: NONE
UaAppTraceEnabled Enable or disable the UA server application trace; possible values are true or false. false
UaAppTraceLevel The UA server application trace level; possible values are:
  • NoTrace: No trace
  • Errors: Unexpected errors
  • Warning: Unexpected behaviour that is not an error
  • Info: Information about important activities, like connection establishment
  • InterfaceCall: Calls to module interfaces
  • CtorDtor: Creation and destruction of objects
  • ProgramFlow: Internal program flow
  • Data: Data
Default: NoTrace
UaAppTraceMaxBackup The maximum number of backup files 5
UaAppTraceMaxEntries The maximum number of trace entries in one file 100000
TraceEvents Setting to allow clients to get the SDK trace outputs for trace levels Errors, Warning and Info via HistoryRead for events and/or Events from the server. Possible values are Disabled, History and HistoryAndEvents. History
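
The following check is an added example, not part of the SDK. It reads an INI configuration in the key=value form used on this page and reports trace settings that write message bodies or expose trace output to clients, and server limits for which the Server Settings tables document the value 0 as "unlimited" or as "use the compiled-in default". The function names are assumptions, as is the handling of comment and section lines; only keys present in the file are evaluated.

```python
# Constructed sample in the key=value form used by ServerConfig.ini on this page.
SAMPLE_INI = """\
Trace/UaStackTraceEnabled=true
Trace/UaStackTraceLevel=ALL
Trace/UaAppTraceEnabled=false
Trace/UaAppTraceLevel=Data
Trace/TraceEvents=HistoryAndEvents
MaxSessionCount=100
MaxSessionsPerClient=0
MaxBrowseContinuationPoints=0
MaxNodesToBrowse=0
MaxSubscriptionsPerSession=10
MaxMonitoredItemPerSessionCount=0
"""

# Settings for which this page documents 0 as "unlimited" or "no limitation".
ZERO_IS_UNLIMITED = {
    "MaxRequestAge", "MaxSessionCount", "MaxSessionsPerClient", "MaxSessionTimeout",
    "MaxNodesToBrowse", "MaxNodesPerHistoryReadData", "MaxNodesPerHistoryReadEvents",
    "MaxNodesPerHistoryUpdateData", "MaxNodesPerHistoryUpdateEvents",
    "MaxPublishingInterval", "MaxSubscriptionLifetime", "MaxNotificationsPerPublish",
    "MaxSubscriptionCount", "MaxSubscriptionsPerSession", "MaxMonitoredItemCount",
    "MaxMonitoredItemPerSubscriptionCount", "MaxMonitoredItemPerSessionCount",
}

# Settings for which 0 selects a compiler-switch default instead of "unlimited".
ZERO_IS_COMPILED_DEFAULT = {
    "MaxBrowseContinuationPoints": "DEFAULT_MAX_BROWSE_CP",
    "MaxBrowseResults": "DEFAULT_MAX_BROWSE_RESULTS",
    "MaxHistoryContinuationPoints": "DEFAULT_MAX_HISTORY_READ_CP",
}

# Stack trace levels that include whole message bodies according to the table.
BODY_LOGGING_LEVELS = {"CONTENT", "ALL"}


def parse_ini(text):
    """Parse key=value lines; keys may contain '/' (e.g. Trace/UaStackTraceLevel)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, comments and section headers (assumed syntax).
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_ini(text):
    """Return a sorted list of (key, finding) tuples."""
    cfg = parse_ini(text)
    findings = []

    if cfg.get("Trace/UaStackTraceEnabled", "false").lower() == "true":
        level = cfg.get("Trace/UaStackTraceLevel", "NONE").upper()
        if level in BODY_LOGGING_LEVELS:
            findings.append(("Trace/UaStackTraceLevel",
                             f"{level}: whole message bodies are written to the trace"))

    # Documented default for TraceEvents is History.
    events = cfg.get("Trace/TraceEvents", "History")
    if events != "Disabled":
        findings.append(("Trace/TraceEvents",
                         f"{events}: clients can retrieve Errors/Warning/Info trace output"))

    for key, value in cfg.items():
        if not value.isdigit() or int(value) != 0:
            continue
        if key in ZERO_IS_UNLIMITED:
            findings.append((key, "0 means unlimited: no server-side cap"))
        elif key in ZERO_IS_COMPILED_DEFAULT:
            findings.append((key, f"0 means compiled-in default ({ZERO_IS_COMPILED_DEFAULT[key]})"))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit_ini(SAMPLE_INI):
        print(f"{key}: {finding}")
```
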

Server Settings

MaxRequestAge=0
MaxSessionCount=100
MaxSessionsPerClient=0
MinSessionTimeout=10000
MaxSessionTimeout=3600000
MaxBrowseContinuationPoints=0
MaxBrowseResults=0
MaxNodesToBrowse=0
MaxNodesPerHistoryReadData=0
MaxNodesPerHistoryReadEvents=0
MaxNodesPerHistoryUpdateData=0
MaxNodesPerHistoryUpdateEvents=0
MaxHistoryContinuationPoints=0
MinPublishingInterval=50
MaxPublishingInterval=0
MinKeepAliveInterval=5000
MinSubscriptionLifetime=10000
MaxSubscriptionLifetime=0
MaxRetransmissionQueueSize=20
MaxNotificationsPerPublish=0
MaxDataQueueSize=100
MaxEventQueueSize=10000
MaxSubscriptionCount=0
MaxSubscriptionsPerSession=10
MaxMonitoredItemCount=0
MaxMonitoredItemPerSubscriptionCount=0
MaxMonitoredItemPerSessionCount=0
MinSupportedSampleRate=0
AvailableSamplingRates/SamplingRate_1=0
AvailableSamplingRates/SamplingRate_2=50
AvailableSamplingRates/SamplingRate_3=100
AvailableSamplingRates/SamplingRate_4=250
AvailableSamplingRates/SamplingRate_5=500
AvailableSamplingRates/SamplingRate_6=1000
AvailableSamplingRates/SamplingRate_7=2000
AvailableSamplingRates/SamplingRate_8=5000
AvailableSamplingRates/SamplingRate_9=10000
AvailableLocaleIds/LocaleId_1=en
AvailableServerProfiles/ServerProfileUri_1=http://opcfoundation.org/UAProfile/Server/StandardUA
AvailableServerProfiles/ServerProfileUri_2=http://opcfoundation.org/UAProfile/Server/DataAccess
AvailableServerProfiles/ServerProfileUri_3=http://opcfoundation.org/UAProfile/Server/Methods
AvailableServerProfiles/ServerProfileUri_4=http://opcfoundation.org/UAProfile/Server/NodeManagement
AvailableServerProfiles/ServerProfileUri_5=http://opcfoundation.org/UAProfile/Server/EventSubscription
IsAuditActivated=false
ThreadPoolSettings/MinSizeTransactionManager=1
ThreadPoolSettings/MaxSizeTransactionManager=10
ThreadPoolSettings/MinSizeSubscriptionManager=1
ThreadPoolSettings/MaxSizeSubscriptionManager=10
RejectedCertificatesDirectory=[ApplicationPath]/pki/rejected
RejectedCertificatesCount=100
Parameter Description Default
MaxRequestAge The maximum age of a request (in milliseconds) the server allows. 0 (unlimited)
MaxSessionCount The maximum number of sessions allowed by the server; 0 is unlimited. 100
MaxSessionsPerClient The maximum number of sessions the server allows per client; 0 is unlimited. 0
MinSessionTimeout The minimum session timeout (in milliseconds) that the server accepts; 0 is unlimited. 10000
MaxSessionTimeout The maximum session timeout (in milliseconds) that the server accepts; 0 is unlimited. 3600000
MaxNodesPerHistoryReadData The maximum number of nodes accepted by the server for the HistoryRead service for Raw, Modified, Processed, and AtTime. 0 (unlimited)
MaxNodesPerHistoryReadEvents The maximum number of nodes accepted by the server for the HistoryRead service for Events. 0 (unlimited)
MaxNodesPerHistoryUpdateData The maximum number of nodes accepted by the server for the HistoryUpdate service for Data. 0 (unlimited)
MaxNodesPerHistoryUpdateEvents The maximum number of nodes accepted by the server for the HistoryUpdate service for Events. 0 (unlimited)
MaxBrowseContinuationPoints The maximum number of Browse Continuation Points managed by a session. 0 (using default settings defined by compiler switch DEFAULT_MAX_BROWSE_CP; default value: 10)
MaxBrowseResults The maximum number of Browse results for one browse operation. 0 (using default settings defined by compiler switch DEFAULT_MAX_BROWSE_RESULTS; default value: 1000)
MaxNodesToBrowse The maximum number of nodes to browse the server will accept. 0 (unlimited)
MaxHistoryContinuationPoints The maximum number of History Continuation Points managed by a session. 0 (using default settings defined by compiler switch DEFAULT_MAX_HISTORY_READ_CP; default value: 100)
MinPublishingInterval The minimum publishing interval (in milliseconds) the server allows. 50
MaxPublishingInterval The maximum publishing interval (in milliseconds) the server allows. 0 (no limitation)
MinKeepAliveInterval The minimum KeepAlive interval (in milliseconds) the server allows. 5000
MinSubscriptionLifetime The minimum Subscription lifetime (in milliseconds) the server allows; 0 is no limitation. 10000
MaxSubscriptionLifetime The maximum Subscription lifetime (in milliseconds) the server allows. 0 (no limitation)
MaxRetransmissionQueueSize The maximum number of messages per Subscription in the republish queue the server allows. 10
MaxNotificationsPerPublish The maximum number of notifications per Publish the server allows. 0 (no limitation)
MaxDataQueueSize The maximum size of data monitored item queues. 100
MaxEventQueueSize The maximum size of event monitored item queues. 1000
MaxSubscriptionCount The maximum number of subscriptions that can be created on the server. 0 (unlimited)
MaxSubscriptionsPerSession The maximum number of subscriptions that can be created per Session. 0 (unlimited)
MaxMonitoredItemCount The maximum number of monitored items that can be created on the server. 0 (unlimited)
MaxMonitoredItemPerSubscriptionCount The maximum number of monitored items that can be created per subscription. 0 (unlimited)
MaxMonitoredItemPerSessionCount The maximum number of monitored items that can be created per session. 0 (unlimited)
MinSupportedSampleRate The minimum sample interval supported by the server. 0
AvailableSamplingRates The settings for the sampling engine; add a line AvailableSamplingRates/SamplingRate_[n]=[sampling rate in milliseconds] for each sampling rate (see sample code). 50, 100, 250, 500, 1000, 2000, 5000, 10000
AvailableLocaleIds The settings for the available LocaleIds known to be supported by the server; add a line AvailableLocaleIds/LocaleId_[n]=[Locale ID] for each Locale ID (see sample code). en
AvailableServerProfiles The settings for the available UA profiles known to be supported by the server; add a line AvailableServerProfiles/ServerProfileUri_[n]=[Server Profile URI] for each Server Profile URI (see sample code). http://opcfoundation.org/UAProfile/Server/StandardUA
IsAuditActivated Flag indicating if audit events are activated; possible values: true or false. false
ThreadPoolSettings The settings for the thread pools used in the server application; the following parameters can be set (each in a separate line ThreadPoolSettings/[parameter]=[value]): MaxSizeTransactionManager, MinSizeTransactionManager, MaxSizeSubscriptionManager, MinSizeSubscriptionManager (see sample code). 4 (for each)
RejectedCertificatesDirectory Folder used to store rejected client certificates; e.g. [ApplicationPath]/pki/rejected. Administrators can copy files from this folder to the trust list. [ApplicationPath] can be used as a placeholder for the path to the server application.
RejectedCertificatesCount Maximum number of certificates stored in the rejected certificates directory. 100

User Identity Tokens

The configuration of supported user identity tokens is stored in the parameter set UserIdentityTokens containing the following parameters:

UserIdentityTokens/EnableUserPw=true
UserIdentityTokens/EnableAnonymous=true
UserIdentityTokens/EnableCertificate=false
UserIdentityTokens/EnableKerberosTicket=false
Parameter Description Default
EnableAnonymous Enable or disable anonymous log-on; possible values are true or false true
EnableUserPw Enable or disable user/password log-on; possible values are true or false false
EnableCertificate Enable or disable certificate based user log-on; possible values are true or false. false
EnableKerberosTicket Enable or disable log-on with Kerberos ticket; possible values are true or false. false

Serializer

This part of the configuration defines the OPC UA Stack serializer settings. Set these values carefully, as they are the security constraints for the serializer. The following parameters can be set:

Serializer/MaxAlloc=16777216
Serializer/MaxStringLength=16777216
Serializer/MaxByteStringLength=16777216
Serializer/MaxArrayLength=65536
Serializer/MaxMessageSize=16777216
Parameter Description Default
MaxAlloc The largest memory block the serializer can allocate when deserializing a message. Set by define OPCUA_SERIALIZER_MAXALLOC
MaxStringLength The largest string accepted by the serializer. Set by define OPCUA_ENCODER_MAXSTRINGLENGTH
MaxByteStringLength The largest byte string accepted by the serializer. Set by define OPCUA_ENCODER_MAXBYTESTRINGLENGTH
MaxArrayLength Maximum number of elements in an array accepted by the serializer. Set by define OPCUA_ENCODER_MAXARRAYLENGTH
MaxMessageSize The maximum number of bytes per message in total. Set by define OPCUA_ENCODER_MAXMESSAGELENGTH

Stack Thread Pool Settings

The parameter set StackThreadPoolSettings stores the settings for the thread pool used in the OPC UA Stack. The following parameters can be set:

StackThreadPoolSettings/Enabled=false
StackThreadPoolSettings/MaxJobs=20
StackThreadPoolSettings/Timeout=0
StackThreadPoolSettings/BlockOnAdd=true
StackThreadPoolSettings/MinThreads=5
StackThreadPoolSettings/MaxThreads=10
Parameter Description Default
Enabled Controls whether the secure listener uses a thread pool to dispatch received requests. false
MaxJobs The length of the queue with jobs waiting for a free thread. 20
Timeout If the add operation blocks on a full job queue, this value sets the maximum waiting time (in milliseconds). 0 is infinite. infinite
BlockOnAdd If MaxJobs is reached, the add operation can block or return an error. true
MaxThreads The maximum number of threads in the thread pool. 5
MinThreads The minimum number of threads in the thread pool. 5

Discovery Registration

DiscoveryRegistration/AutomaticCertificateExchange=false
DiscoveryRegistration/DiscoveryServerStoreName=UA Applications
DiscoveryRegistration/DiscoveryServerCertificateName=UA Local Discovery Server
DiscoveryRegistration/RegistrationInterval=30000
DiscoveryRegistration/Url_1=opc.tcp://localhost:4840

The configuration for the registration with discovery server(s) is stored in the parameter set DiscoveryRegistration containing the following parameters:

Parameter Description Default
AutomaticCertificateExchange Flag indicating if the certificates should be exchanged with the Windows certificate store. false
DiscoveryServerTrustListLocation Path of the local discovery server trust list. This is where the server copies its certificate to if the file based store of the new LDS is used.
DiscoveryServerStoreName Store name used for the local discovery server in the Windows certificate store.
DiscoveryServerCertificateName Certificate name of the local discovery server in the Windows certificate store.
RegistrationInterval Interval (in milliseconds) for registration with discovery server(s) 30000
Url List of discovery servers to register with, typically opc.tcp://localhost:4840 (local discovery server); if the list is empty, no registration is executed. To add additional remote discovery servers, add each in a separate line, consecutively numbered (DiscoveryRegistration/Url_[n]=[Server Url]).

Redundancy Support and Additional Server Entries

RedundancySettings/RedundancySupport=Hot
RedundancySettings/ServerUri_1=urn:MyServer:UnifiedAutomation:RedundancySample
RedundancySettings/ServerUri_2=urn:PC1:UnifiedAutomation:RedundancySample
RedundancySettings/ServerUri_3=urn:PC2:UnifiedAutomation:RedundancySample
AdditionalServerEntries/ApplicationDescription_1/ApplicationUri=urn:PC1:UnifiedAutomation:RedundancySample
AdditionalServerEntries/ApplicationDescription_1/ProductUri=urn:UnifiedAutomation:RedundancySample
AdditionalServerEntries/ApplicationDescription_1/ApplicationName=RedundancySample@PC1
AdditionalServerEntries/ApplicationDescription_1/ApplicationType=Server
AdditionalServerEntries/ApplicationDescription_1/GatewayServerUri=
AdditionalServerEntries/ApplicationDescription_1/DiscoveryProfileUri=
AdditionalServerEntries/ApplicationDescription_1/DiscoveryUrl_1=opc.tcp://PC1:48010
AdditionalServerEntries/ApplicationDescription_1/DiscoveryUrl_2=https://PC1:48011
AdditionalServerEntries/ApplicationDescription_2/ApplicationUri=urn:PC2:UnifiedAutomation:RedundancySample
AdditionalServerEntries/ApplicationDescription_2/ProductUri=urn:UnifiedAutomation:RedundancySample
AdditionalServerEntries/ApplicationDescription_2/ApplicationName=RedundancySample@PC2
AdditionalServerEntries/ApplicationDescription_2/ApplicationType=Server
AdditionalServerEntries/ApplicationDescription_2/GatewayServerUri=
AdditionalServerEntries/ApplicationDescription_2/DiscoveryProfileUri=
AdditionalServerEntries/ApplicationDescription_2/DiscoveryUrl_1=opc.tcp://PC2:48010
AdditionalServerEntries/ApplicationDescription_2/DiscoveryUrl_2=https://PC2:48011

Redundancy Settings

This parameter set provides the redundancy settings for the server.

Element Description Default
RedundancySupport Possible redundancy support options are None, Cold, Warm, Hot and Transparent (Transparent requires a special module). None
ServerUri The list of server URIs for the servers in the NonTransparent redundant set. Add a separate line in the form RedundancySettings/ServerUri_[n]=[ServerUri] for each server. The server itself has to be included in the list (see sample code).

Additional Server Entries

This parameter set is required for the redundancy configuration: it provides the discovery URLs for the configured ServerUris of the redundant servers in a non-transparent redundancy set. A list of application descriptions can be defined, numbered consecutively as shown in the code sample. [NodeName] can be used as a placeholder for the computer name. The server itself must be excluded from the list.

This can also be used to configure other servers on the same system if the server itself is running on Port 4840.

Element Description
ApplicationUri A globally unique identifier for the server product.
ProductUri A globally unique identifier for the product the server belongs to.
ApplicationName A human readable name for the server product.
ApplicationType Possible application types are Server and ClientAndServer.
GatewayServerUri A URI that identifies the Gateway Server associated with the DiscoveryUrl.
DiscoveryProfileUri A URI that identifies the discovery profile supported by the URL.
DiscoveryUrl URL for the discovery Endpoint provided by the server.

Endpoint Configuration

The following code gives an example for a parameter set resulting in a completely configured endpoint. Use consecutively numbered parameter sets UaEndpoint_[n] for additional Endpoints.

UaEndpoint_1/Url=opc.tcp://[NodeName]:48010
UaEndpoint_1/SerializerType=Binary
UaEndpoint_1/AutomaticallyTrustAllClientCertificates = false
UaEndpoint_1/SecuritySetting_1/SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None
UaEndpoint_1/SecuritySetting_1/MessageSecurityMode=None
UaEndpoint_1/SecuritySetting_2/SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#Basic256
UaEndpoint_1/SecuritySetting_2/MessageSecurityMode_1=Sign
UaEndpoint_1/SecuritySetting_2/MessageSecurityMode_2=SignAndEncrypt
UaEndpoint_1/SecurityCheckOverwrites/DisableErrorCertificateTimeInvalid=false
UaEndpoint_1/SecurityCheckOverwrites/DisableErrorCertificateIssuerTimeInvalid=false
UaEndpoint_1/CertificateStore/OpenSSLStore/CertificateTrustListLocation=[ApplicationPath]/pki/trusted/certs/
UaEndpoint_1/CertificateStore/OpenSSLStore/CertificateRevocationListLocation=[ApplicationPath]/pki/trusted/crl/
UaEndpoint_1/CertificateStore/OpenSSLStore/IssuersCertificatesLocation=[ApplicationPath]/pki/issuers/certs/
UaEndpoint_1/CertificateStore/OpenSSLStore/IssuersRevocationListLocation=[ApplicationPath]/pki/issuers/crl/
UaEndpoint_1/CertificateStore/OpenSSLStore/ServerCertificate=[ApplicationPath]/pki/own/certs/uaservercpp.der
UaEndpoint_1/CertificateStore/OpenSSLStore/ServerPrivateKey=[ApplicationPath]/pki/own/private/uaservercpp.pem
UaEndpoint_1/CertificateStore/GenerateCertificate=true
UaEndpoint_1/CertificateStore/CertificateSettings/Country=DE
UaEndpoint_1/CertificateStore/CertificateSettings/Locality=LocationName
UaEndpoint_1/CertificateStore/CertificateSettings/CommonName=[ServerName]
UaEndpoint_1/CertificateStore/CertificateSettings/Organization=Organization
UaEndpoint_1/CertificateStore/CertificateSettings/OrganizationUnit=Unit
UaEndpoint_1/CertificateStore/CertificateSettings/YearsValidFor=5
UaEndpoint_1/CertificateStore/CertificateSettings/KeyLength=1024

The following table gives an overview of the configurable parameters for each Endpoint.

Parameter Description Default
Url URL of the Endpoint; this URL is used for Discovery and to open the Endpoints in the UA stack if no StackUrl is configured. [NodeName] can be used as placeholder for the computer name.
SerializerType The data type encoding for network transport; currently, only Binary is supported
AutomaticallyTrustAllClientCertificates This option can be activated if certificates are only used for message security but not for application authentication. If set to true, all client certificates will be accepted automatically and will not be stored. It is strongly recommended to use this option only together with user authentication. false
StackUrl Optional URL that defines a specific address the stack should bind to, e.g. opc.tcp://192.168.0.15:48011. It can be used to bind the endpoint to a specific network card or to localhost only.
IsVisible Flag indicating if the endpoint is provided in GetEndpoints and is therefore visible to a client. true
IsDiscoveryUrl Flag indicating if the endpoint URL is provided as discovery URL. true
SecuritySetting Each supported security setting has to be stored in a separate parameter set UaEndpoint_[m]/SecuritySetting_[n]/[parameter]=[value], numbered consecutively (see sample code). The following parameters can be specified:
Parameter Description
SecurityPolicy Possible values are #None, #Basic128Rsa15, and #Basic256 (see sample code above).
MessageSecurityMode The possible values depend on the security policy. Set value to None with security policy #None. When using security policies #Basic128Rsa15 and #Basic256, you can choose between Sign and SignAndEncrypt. If you would like to allow Sign as well as SignAndEncrypt, add a separate line and number the message security modes consecutively.
SecurityCheckOverwrites Some of the OPC UA security checks are optional in OPC UA or cause interoperability issues with older OPC UA clients and can be disabled by an administrator of the OPC UA server using the following configuration options. Add a separate line UaEndpoint_[m]/SecurityCheckOverwrites/[parameter]=[value] for each parameter (see sample code).
Parameter Description Default
DisableErrorCertificateTimeInvalid Flag used to disable the client certificate validation error BadCertificateTimeInvalid. false
DisableErrorCertificateIssuerTimeInvalid Flag used to disable the client certificate validation error BadCertificateIssuerTimeInvalid. false
DisableErrorCertificateRevocationUnknown Flag used to disable the client certificate validation error BadCertificateRevocationUnknown. false
DisableErrorCertificateIssuerRevocationUnknown Flag used to disable the client certificate validation error BadCertificateIssuerRevocationUnknown. false
DisableApplicationUriCheck Flag used to disable the ApplicationUri match check between client certificate and parameter in CreateSession. The check is required for compliant OPC UA servers but older clients may provide a wrong ApplicationUri. false
DisableNonceLengthCheck Flag used to disable the client nonce length check in CreateSession. The check is required for compliant OPC UA servers but older clients may provide a client nonce that is shorter than the required 32 bytes. false
DisableUserTokenPolicyIdCheck Flag used to disable the UserToken PolicyId check in ActivateSession. The check is required for compliant OPC UA servers but older clients may not provide the UserToken PolicyId. false
CertificateStore Certificate store used for PKI certificate handling; different Endpoints can have different stores and different server certificates. See the separate table for related parameters.

Parameter Set CertificateStore

Parameter Description Default
OpenSSLStore File based certificate store used with OpenSSL; [ApplicationPath] can be used as placeholder for the application path.
Certificates have to be stored in DER format (with file extension .der).
Revocation lists have to be stored in DER format (with file extension .crl) or in PEM format (with .pem as file extension).
The private key is encoded in PEM format (with .pem as file extension).
A more detailed explanation of certificate management can be found on the website of the OPC Foundation: The OPC UA Security Model for Administrators (pdf document).
The following parameters have to be set:
Parameter Description
CertificateTrustListLocation The folder where certificates of trusted applications and trusted CAs should be stored. Each CA requires one and only one CRL. The CRL may be empty if no certificates have been revoked yet.
CertificateRevocationListLocation The folder where revocation lists for trusted CAs should be stored.
IssuersCertificatesLocation The folder where issuer certificates are stored. Issuer certificates are CA certificates necessary for the verification of the full trust chain of CA certificates in the trust list. Each CA requires one and only one CRL. The CRL may be empty if no certificates have been revoked yet.
IssuersRevocationListLocation The folder where revocation lists for issuer CAs should be stored.
ServerCertificate The file containing the server certificate.
ServerPrivateKey The file containing the server private key.
WindowsStore [ApplicationPath] can be used as placeholder for the application path.
The following parameters have to be set:
Parameter Description
StoreLocation Location of the store; valid values are LocalMachine and CurrentUser
StoreName Name of the certificate store on the local computer
ServerCertificateThumbprint Thumbprint of the server certificate used to load from store
GenerateCertificate Enable or disable server certificate creation if no certificate is available; possible values: true or false. false
CertificateSettings Settings for a certificate generated by the server; the information is stored in the following parameters:
Parameter Description Default
CommonName Name of the application; the default value is [ServerName], which is a placeholder for the configured server name (see Server Instance Information).
Organization Name of the organization using the OPC UA server
OrganizationUnit Name of the organization unit using the OPC UA server
Locality Name of the location where the OPC UA server is running
State State where the OPC UA server is running
Country Two letter code for country where the OPC UA server is running e.g. DE or US
YearsValidFor The number of years the certificate is valid for; the maximum accepted number is 20, but it is strongly recommended to use a shorter time interval. 5
KeyLength Key length (in bits) of the certificate to create; valid values are 1024 and 2048 1024
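
The endpoint and user token settings described above interact, so it helps to review them together before deployment. The following script is an added example, not part of the SDK: it reads the INI keys documented on this page and reports the combinations the tables single out. The function names parse_settings and audit, the sample values, the comment prefixes and the 2048-bit key threshold are assumptions made for this example.

```python
import re

# Constructed sample in the page's INI syntax; values chosen to trigger each check.
SAMPLE_INI = """\
UserIdentityTokens/EnableAnonymous=true
UaEndpoint_1/AutomaticallyTrustAllClientCertificates = false
UaEndpoint_1/SecuritySetting_1/SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#None
UaEndpoint_1/SecuritySetting_1/MessageSecurityMode=None
UaEndpoint_1/SecuritySetting_2/SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#Basic256
UaEndpoint_1/SecuritySetting_2/MessageSecurityMode_1=Sign
UaEndpoint_1/SecuritySetting_2/MessageSecurityMode_2=SignAndEncrypt
UaEndpoint_1/SecurityCheckOverwrites/DisableErrorCertificateTimeInvalid=false
UaEndpoint_1/SecurityCheckOverwrites/DisableNonceLengthCheck=true
UaEndpoint_1/CertificateStore/CertificateSettings/KeyLength=1024
UaEndpoint_2/AutomaticallyTrustAllClientCertificates=true
UaEndpoint_2/SecuritySetting_1/SecurityPolicy=http://opcfoundation.org/UA/SecurityPolicy#Basic128Rsa15
UaEndpoint_2/SecuritySetting_1/MessageSecurityMode=None
"""

def parse_settings(text):
    """Return {key: value} for 'key=value' lines; spaces around '=' are tolerated."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and section headers (assumed INI conventions).
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def is_true(value):
    return value.strip().lower() == "true"

def audit(settings):
    """Return a sorted list of (scope, finding) tuples for review."""
    findings = []
    # The table gives true as the EnableAnonymous default, so a missing key counts as enabled.
    anonymous = is_true(settings.get("UserIdentityTokens/EnableAnonymous", "true"))
    if anonymous:
        findings.append(("UserIdentityTokens", "anonymous log-on enabled"))
    policies, modes = {}, {}
    for key, value in settings.items():
        m = re.match(r"(UaEndpoint_\d+)/(.+)$", key)
        if not m:
            continue
        ep, rest = m.groups()
        s = re.match(r"(SecuritySetting_\d+)/(SecurityPolicy|MessageSecurityMode(?:_\d+)?)$", rest)
        if s and s.group(2) == "SecurityPolicy":
            policies[(ep, s.group(1))] = value.rsplit("#", 1)[-1]
        elif s:
            modes.setdefault((ep, s.group(1)), set()).add(value)
        elif rest == "AutomaticallyTrustAllClientCertificates" and is_true(value):
            # The page recommends this option only together with user authentication.
            note = " while anonymous log-on is enabled" if anonymous else ""
            findings.append((ep, "all client certificates trusted" + note))
        elif rest.startswith("SecurityCheckOverwrites/Disable") and is_true(value):
            findings.append((ep, "overwrite active: " + rest.split("/", 1)[1]))
        elif rest.endswith("CertificateSettings/KeyLength") and value.isdigit() and int(value) < 2048:
            # Assumption of this example: flag anything below 2048 bits.
            findings.append((ep, "generated key length %s bits" % value))
    for (ep, setting), policy in policies.items():
        # Per the table: mode None belongs to #None, Sign/SignAndEncrypt to the other policies.
        allowed = {"None"} if policy == "None" else {"Sign", "SignAndEncrypt"}
        if policy == "None":
            findings.append((ep, setting + ": SecurityPolicy #None offered"))
        bad = modes.get((ep, setting), set()) - allowed
        if bad:
            findings.append((ep, "%s: mode %s invalid for #%s" % (setting, ", ".join(sorted(bad)), policy)))
    return sorted(findings)

if __name__ == "__main__":
    for scope, finding in audit(parse_settings(SAMPLE_INI)):
        print("%-20s %s" % (scope, finding))
```

To review a deployed server, pass the contents of its ServerConfig.ini to parse_settings in place of SAMPLE_INI.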