Running and Testing the SECS/GEM OPC UA Server

The SECS/GEM OPC UA Server is generated from a TransSECS Servers project using the OPCUA deployment option. After the build is complete you will see an OPCUA directory in your project folder. Use the run.bat on Windows to start the server, or run.sh on Linux. If you are not running trial software you will need to copy your system's runtime license into this directory before you can start the server. Once the OPC UA Server is started, you can connect an OPC UA Client to browse tags. The Endpoint URL for this server will be opc.tcp://127.0.0.1:12686/MIXOPCServer for testing purposes. Other Endpoint URLs can be used (are logged when the server starts in the OPCUA.log in the deployment directory).

When you run the server for the first time you will see two directories get created in the deployment directory: security and certificates. These will be important in later steps, below.

UaExpert is a free and full-featured OPC UA Client and is recommended for testing this OPC UA Server. Go to https://www.unified-automation.com/products/development-tools/uaexpert.html and use the Free Download button near the top right of this page to download the software for either Windows or Linux.

When you start UaExpert you will need to add (+) a connection. Configure the client connection to the SECS/GEM OPC UA Server as shown in the figure below:

In this example we have selected the Basic256Sha256 security policy using the Sign & Encrypt model. This means we will be using certificates to ensure a secure connection. For testing you can also select None/None but for production you should use certificates.

The Authentication is set to Anonymous. For the SECS/GEM OPC UA server running on a local (not cloud-based) system this is appropriate.

The session URN at the bottom will be based on your system.

After adding the connection, you will see this in the UaExpert project panel, such as the image below:

When you right click on the new connection you can select “Connect”. If the OPC UA server is running (and you have not yet completed a certificate exchange) you will see a panel pop up indicating that the connection is not yet “trusted”.

Select the option button “Trust Server Certificate” to continue and the panel will update with the “Good” status.

Press the Continue button at the bottom to close this panel.

Once you trust the server certificate you will have also generated a client certificate in the OPCUA deployment directory under OPCUA/security/security/pki/rejected. You will see a file with a very long name. This client certificate is in the “rejected” directory until you move it (do not just copy it) to the “trusted certs” directory under OPCUA/security/security/pki/trusted/certs.

This completes the certificate exchange between this client (UaExpert) and the SECS/GEM OPC UA server. Now when you right click on the connection made a few steps earlier the client will connect to the server and you can browse for tags.