OPC UA security

Set up Certificate Logon for a DeltaV OPC UA workstation server with third-party clients

Note

Connecting to third-party clients that are external to the DeltaV network is a security risk.

Note

User Certificate logon requires that application certificates are trusted.

  1. Open User Manager.
  2. Click File > New > User.
  3. Enter a name in the Name field.
  4. Enter and confirm a password.
  5. In the Account Type section, select the OPC UA User checkbox. Click Certificates.
    The software displays the User Certificate dialog. Make sure there are values in the Name, Valid Until and Thumbprint fields. If these fields are blank, click Generate. Then, click Close.
  6. Click OK.
  7. Open DeltaV Explorer.
  8. Navigate to the workstation's OPC server subsystem, right-click it, and select Properties.
  9. Click Set Users.
  10. Select the user that you created earlier in this procedure.
  11. Click Add.
  12. Click OK.
  13. Select the Certificate Logon checkbox.
  14. Click OK.
  15. Download the OPC UA server subsystem.
  16. Open User Manager and double-click the user you created earlier in this procedure.
    The software opens the Properties For User dialog.
  17. Click Certificates.
    The software displays the User Certificate dialog.
  18. Click Private + Public key (.pfx).
  19. Enter a password. This password will be used later when splitting the certificate into .der and .pem files or when importing the .pfx file.
  20. Click Export.
    The software exports a .pfx file. Third-party clients need this file for Certificate Logon.
  21. Make sure application certificates are trusted between clients and the server.
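
Step 19 mentions splitting the exported .pfx into .der and .pem files. The following is an added example, not part of the DeltaV procedure or product, showing one way to do that on the client side with the OpenSSL command-line tool. The `PFX_PASS` variable, the output file names, and the assumption that the Thumbprint field uses the Windows-style SHA-1 format are illustrative choices.

```shell
#!/bin/sh
# Added example: split an exported user .pfx into a DER certificate and an
# encrypted PEM private key, then print the certificate thumbprint.
# The export password is read from the PFX_PASS environment variable
# (assumed name) so it never appears on a command line.

# Thumbprint of a DER certificate as uppercase hex SHA-1 without colons.
# Assumption: the Thumbprint field in User Manager uses this Windows format.
cert_thumbprint() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 |
        cut -d= -f2 | tr -d ':'
}

# split_pfx <file.pfx> <outdir>: writes user_cert.der and user_key.pem.
split_pfx() (
    set -e
    umask 077                      # output files readable by owner only
    mkdir -p "$2"
    # Public part: client certificate only, converted from PEM to DER.
    openssl pkcs12 -in "$1" -clcerts -nokeys -passin env:PFX_PASS |
        openssl x509 -outform DER -out "$2/user_cert.der"
    # Private part: stays encrypted (AES-256) under the same password.
    openssl pkcs12 -in "$1" -nocerts -aes256 \
        -passin env:PFX_PASS -passout env:PFX_PASS -out "$2/user_key.pem"
    cert_thumbprint "$2/user_cert.der"
)

# Constructed sample input: a throwaway self-signed certificate packed into
# <dir>/user.pfx, standing in for the file exported from User Manager.
make_sample_pfx() (
    set -e
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-opcua-user" \
        -keyout "$1/src_key.pem" -out "$1/src_cert.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/src_key.pem" -in "$1/src_cert.pem" \
        -passout env:PFX_PASS -out "$1/user.pfx"
)
```

Compare the value printed by `split_pfx` with the Thumbprint field in the User Certificate dialog before handing the files to the client.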