OPC UA secure channel

The eUA server supports client communication over encrypted endpoints by default. 

To configure the endpoints, refer to OPC UA endpoint configuration

Client application authentication

The eUA server supports client certificate authentication over secure endpoints by default. The certificates of OPC UA clients which the server accepts are located in a trust store. The used trust store depends on the server certificate configuration.

Server Certificate Trust Store
Self signed by controller OPC UA-configurable
File on controller OPC UA-configurable
Provided by OPC UA GDS <ClientTrustStore>

Notice that certificate authentication is disabled if:

  • The trust store is empty 
  • Application authentication is disabled by eUA server configuration (executed in PLCnext Engineer)
  • SecurityPolicy#NONE endpoint is used

The eUA Server uses the PLCnext certificate trust store.

To manage the trust store certificates, refer to Certificate authentication

Note: Make sure that the system date and time is set correctly for checking client certificate validity.

To configure application authentication, refer to Discovery server


•  Web browser recommendation: Chrome/Edge 88 or newer, Firefox ESR 90 or neweror Safari • 
• Published/reviewed: 2022-09-14 • Revision 046 •