Using OpcCmd Utility to work with OPC UA Security Key Service (SKS)

From OPC Labs Knowledge Base
Revision as of 20:19, 15 March 2021 by User (talk | contribs) (→‎Tutorial)
Jump to navigation Jump to search

For general information about the OpcCmd tool, see Category:OpcCmd Utility.

Tutorial

If you execute the commands listed in the tutorial below, you will get an overview of basic operations that can be made with an OPC UA Server that provides OPC UA Security Key Service (SKS).

This tutorial works with Unified Automation C++ SDK Demo Server. You should be able to use the principles explained in this tutorial with other OPC UA servers that provide the Security Key Service, by modifying the relevant parameters used in the commands.


  1. Start the Unified Automation C++ SDK Demo Server. In Windows, type start uaservercpp.exe at the operating system command prompt.
    Uaservercpp.png

  2. Start the OpcCmd utility in interactive mode. The interactive mode is always in effect e.g. when you use ClickOnce, or when running the utility from QuickOPC Launcher/Start menu. In other cases, you need to use the -i (or --interactive) option on the command line.

  3. Using an external tool, configure a security group with Id "TestGroup" inside the Security Key Service (SKS) of the server. How this is done is outside of the scope of this article. You can use e.g. a generic OPC UA client and call the AddSecurityGroup method on the Objects/Server/PublishSubscribe/SecurityGroups object.

  4. At the OpcCmd> prompt, enter uaPubSubClient accessSecurityKeyService opc.tcp://localhost:48010 --EndpointAllowedMessagedSecurity SecuritySignAndEncrypt --EndpointUser root:secret, or shortened: uapsc asks opc.tcp://localhost:48010 -eams SecuritySignAndEncrypt -eu root:secret. This command tells the utility that from now on, we will be accessing the Security Key Service in the specified OPC UA server, using a secured connection and authenticating as the specified user (these are common security requirements as the SKS itself is a security sensitive component). The programs responds with a confirmation of the command.

    All following commands are entered at the uaPubSubSecurityKeyService> prompt. You can enter -?, -h or --help (possibly preceded by the command name) at any time to obtain help for this prompt (or its commands).

browseSecurityGroups

Get an error. Copy client certificate from pkiserver/rejected to pkiserver/trusted/certs 

browseSecurityGroups

getSecurityGroupElement TestGroup

Accept server certificate 

browseTree



getSecurityKeys TestGroup 0 10



getSecurityKeys TestGroup 3 5



getSecurityKeys TestGroup 0 10 !repeat Infinite 0:0:15 !wait Infinite
Retrieved from "https://kb.opclabs.com/index.php?title=Using_OpcCmd_Utility_to_work_with_OPC_UA_Security_Key_Service_(SKS)&oldid=3612"