How to publish or subscribe to secure OPC UA PubSub messages: Difference between revisions
Revision as of 08:38, 2 April 2021
Publish secure messages in UADemoPublisher
publish --EnabledConnection DynamicLayoutConnection --EnabledDataSetWriter SimpleWriter --SecurityMode SignAndEncrypt --SecurityKeyServiceUri opc.tcp://localhost:48010 --SecurityKeyServiceMessageSecurity SignAndEncrypt --SecurityKeyServiceUserInfo root:secret --SecurityGroupId TestGroup
Explanation of the command line arguments and options used:
- --EnabledConnection DynamicLayoutConnection : Normally, messages are published on multiple connections. For easier troubleshooting, this option selects just one of them.
- --EnabledDataSetWriter SimpleWriter : Normally, multiple dataset writers contribute to a network message. For easier troubleshooting, this option selects just one of them.
- --SecurityMode SignAndEncrypt : Specifies the security mode for the PubSub network messages produced.
- --SecurityKeyServiceUri opc.tcp://localhost:48010 : Specifies the URL of the SKS (Security Key Service) endpoint.
- --SecurityKeyServiceMessageSecurity SignAndEncrypt : Specifies the security mode that will be used to connect to the SKS.
- --SecurityKeyServiceUserInfo root:secret : Specifies the user name and password used for "logging in" to the SKS.
- --SecurityGroupId TestGroup : Specifies the Id of the security group in the SKS that will be used (the security group in the SKS is configured to use a certain security policy, and has other parameters detailing how the security keys are generated).
Subscribe to secure messages in OpcCmd utility
uaSubscriber subscribeDataSet opc.udp://239.0.0.1:4840 --SecurityMode SecuritySignAndEncrypt --SecurityKeyServiceUri opc.tcp://localhost:48010 --SksTemplateMessageSecurity SecuritySignAndEncrypt --SksTemplateUser root:secret --SecurityGroupId TestGroup
Enable security event tracing in command-line tools
Use the following command in the OpcCmd utility or in UADemoPublisher (at the beginning of the program session) to enable tracing of security-related events:
!diagnostics switches setValue 1 --multiple --contains Security --typeName BooleanSwitch