OPC UA security

Set up Certificate Logon for a DeltaV OPC UA PK controller server with DeltaV clients

Note

User Certificate logon requires that application certificates are trusted.

User certificates will not work if OPC UA clients are DeltaV clients (EIOC or Workstation) in the same DeltaV system as the PK controller. DeltaV OPC UA clients and the PK controller OPC UA server must be in separate DeltaV systems.

  1. In the DeltaV system that includes the OPC UA client, open User Manager.
  2. Click File > New > User.
  3. Enter a name in the Name field.
  4. Enter and confirm a password.
  5. In the Account Type section, select the OPC UA User checkbox. Click Certificates.
    The software displays the User Certificate dialog. Make sure there are values in the Name, Valid Until and Thumbprint fields. If these fields are blank, click Generate.
  6. Select Private + Public key (.pfx), enter and confirm a certificate password, then click Export. The password specified during export will be required to import the certificate into another OPC UA device.
  7. Specify the export location of the newly created user certificate and click Save.
  8. Click Close to exit the User Certificate dialog box.
  9. Click OK to exit the User Properties dialog box.
    The DeltaV system may inform you that a download is necessary if changes have been made.
  10. Close User Manager.
  11. Right-click the physical device (PDT) of the OPC UA client and click Properties.
  12. In the Primary tab, select User Certificate from the Authentication drop-down list.
  13. Enter the username of the OPC UA enabled user.
  14. Download the EIOC PDT if prompted.
  15. In a different DeltaV system that includes the PK controller OPC UA server, open DeltaV Explorer.
  16. Navigate to the PK controller OPC UA server subsystem, right-click it, and click Properties.
  17. Select the Certificate Logon checkbox.
  18. Click View Certificate.
    The software displays the View User Certificate dialog. The user certificate exported from the system with the DeltaV OPC UA client will be imported into the PK controller using this dialog box.
  19. Click Import and locate the user certificate.
  20. Enter the certificate password when prompted.
  21. Click Close.
  22. Download the PK controller OPC UA server if prompted.
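
Added example (not part of the original procedure or vendor tooling): a PowerShell check that can be run on the exported .pfx from steps 6 and 7 before it is imported in step 19, confirming that the file opens with the export password, contains the private key, is within its validity period, and matches the Thumbprint shown in the User Certificate dialog. The parameter names are hypothetical, and the script assumes the dialog's Thumbprint field is the standard hex certificate thumbprint that Windows reports.

```powershell
# Added example, not vendor code. Placeholders: -PfxPath and -ExpectedThumbprint
# are supplied by you. Assumption: the dialog's Thumbprint field is the standard
# hex certificate thumbprint that Windows/.NET reports.
param(
    [Parameter(Mandatory)] [string] $PfxPath,
    [Parameter(Mandatory)] [string] $ExpectedThumbprint,
    [int] $WarnDays = 30
)

# Prompt for the export password so it never lands in history or a script file.
$password = Read-Host -Prompt 'Certificate password set at export' -AsSecureString

try {
    $fullPath = (Resolve-Path -LiteralPath $PfxPath -ErrorAction Stop).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($fullPath, $password)
} catch {
    Write-Error "Cannot open '$PfxPath' (wrong password or not a PFX): $($_.Exception.Message)"
    exit 1
}

# Normalise the thumbprint copied from the dialog: drop spaces, colons, hidden characters.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$now      = Get-Date
$problems = @()

if ($cert.Thumbprint -ne $expected) {
    $problems += "Thumbprint mismatch: file has $($cert.Thumbprint), dialog showed $expected"
}
if (-not $cert.HasPrivateKey) {
    $problems += 'No private key in file; step 6 exports Private + Public key (.pfx)'
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
} elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
    Write-Warning "Certificate expires within $WarnDays days: $($cert.NotAfter)"
}

[pscustomobject]@{
    Subject    = $cert.Subject
    ValidUntil = $cert.NotAfter
    Thumbprint = $cert.Thumbprint
    Problems   = $problems
}

$cert.Reset()   # release the key material loaded from the file
if ($problems.Count -gt 0) { exit 1 }
```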