OPC UA secure channel
The eUA server supports client communication over encrypted endpoints by default.
To configure the endpoints, refer to OPC UA endpoint configuration.
Client application authentication
The eUA server supports client certificate authentication over secure endpoints by default. The certificates of OPC UA® clients which the server accepts are located in a trust store. The used trust store depends on the server certificate configuration.
| Server Certificate | Trust Store |
| Self signed by controller | OPC UA-configurable |
| File on controller | OPC UA-configurable |
| Provided by OPC UA GDS | <ClientTrustStore> |
Notice that certificate authentication is disabled if:
- The trust store is empty
- Application authentication is disabled by eUA server configuration (executed in PLCnext Engineer)
- SecurityPolicy#NONE endpoint is used
The eUA Server uses the PLCnext Technology certificate trust store.
To manage the trust store certificates, refer to Certificate authentication
Note: Make sure that the system date and time is set correctly for checking client certificate validity.
To configure application authentication, refer to Discovery server