Enable an OPC-UA server (Kepware) to trust the SiteWise Edge gateway - Missing


Hello,

**Objective**: I am exploring how to collect data from a Kepware OPC server [EC2-Windows] into IoT SiteWise through a Gateway & OPC UA source [EC2-Linux].

As per the documentation - https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateways-ggv2.html, I successfully deployed and am monitoring the data from the Gateway (v2) with the OPC UA data source Message security mode set to NONE.

Problem: I am unsuccessful when setting the OPC UA data source Message security mode to Basic256Sha256 - Sign and Encrypt.

**Observation:**

  1. I cannot find the edge gateway in Kepware for enabling the OPC-UA source servers to trust the SiteWise Edge gateway.
  2. I cannot find the folders or certificates on the Linux PC where the SiteWise gateway was installed, to export the OPC-UA client certificate and trust it as per the following documentation: https://docs.aws.amazon.com/iot-sitewise/latest/userguide/enable-source-trust.html

Could anyone guide me on the missing points or procedure to monitor the data with Message security mode set to Basic256Sha256 - Sign and Encrypt?

Let me know in case I need to provide more information. Thank you very much in advance for your support!

Pawan
asked 2 months ago, 83 views

1 Answer

Are you able to establish a connection to that KepServer using another OPC UA Client (e.g. UAExpert) on the same node where your SW GW is?

When establishing communication between an OPC UA Client (SW Edge Gateway) and OPC UA Server (KepServerEX), it's a multi-step process if you don't manually move the certificates over.

  1. Make sure that you have your endpoint with Encryption: Basic256Sha256 - Message Mode: Sign and Encrypt enabled on KepServerEx (OPC UA Configuration Manager -> Server Endpoints tab)
  2. Export the server cert: OPC UA Configuration Manager -> Instance Certificates -> Export Server Certificate.
  3. Trust the client: The certificate exchange happens automatically upon first connection (it will fail the first time, expected), but you can also do it manually.
  4. (Automatic) OPC UA Configuration Manager -> Trusted Clients tab -> click on the name of the client -> “Trust”
  5. (Manual) follow the steps here https://docs.aws.amazon.com/iot-sitewise/latest/userguide/enable-source-trust.html#export-opc-ua-client-certificate to generate your aws-iot-opcua-client-certificate.pem and import it in the 'trusted clients'
AWS, answered 18 days ago
EXPERT, reviewed 17 days ago
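
The automatic path in the answer trusts whatever client certificate appeared on the failed first connection, so it is worth confirming that it is the gateway's certificate before clicking "Trust". The script below is an added example, not part of the original answer or of AWS or Kepware tooling: it compares the SHA-1 thumbprint of the exported `aws-iot-opcua-client-certificate.pem` with a copy of the certificate the server received. It assumes `openssl` is installed and that the presented certificate can be saved to a file; the function names are hypothetical and the demo certificates are constructed.

```shell
#!/bin/sh
# Added example: compare certificate thumbprints before trusting an OPC UA client.

# Print the SHA-1 thumbprint (hex, no colons) of a PEM or DER certificate.
thumbprint() {
    fp=$(openssl x509 -in "$1" -noout -fingerprint -sha1 2>/dev/null) ||
    fp=$(openssl x509 -inform der -in "$1" -noout -fingerprint -sha1 2>/dev/null) ||
    return 1
    printf '%s\n' "${fp#*=}" | tr -d ':'
}

# safe_to_trust EXPORTED.pem PRESENTED
# 0 = same certificate and not expired, 1 = different certificate,
# 2 = a file could not be read as a certificate, 3 = certificate expired.
safe_to_trust() {
    a=$(thumbprint "$1") || return 2
    b=$(thumbprint "$2") || return 2
    [ "$a" = "$b" ] || return 1
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 3
}

# Constructed sample data: a throwaway self-signed certificate,
# not a real gateway certificate.
make_constructed_cert() {   # make_constructed_cert OUT.pem COMMON_NAME
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/CN=$2" -days 1 >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_constructed_cert "$d/gateway.pem" constructed-gateway
    make_constructed_cert "$d/other.pem" constructed-other
    # Assumption: the server-side copy may be DER-encoded; the thumbprint
    # is computed over the DER bytes, so it is the same for both encodings.
    openssl x509 -in "$d/gateway.pem" -outform der -out "$d/presented.der"
    r1=0; safe_to_trust "$d/gateway.pem" "$d/presented.der" || r1=$?
    r2=0; safe_to_trust "$d/gateway.pem" "$d/other.pem" || r2=$?
    rm -rf "$d"
    echo "same certificate: $r1, different certificate: $r2"
    [ "$r1" -eq 0 ] && [ "$r2" -eq 1 ]
}

demo
```

A return code of 1 means the certificate waiting in the trusted clients list is not the one exported from the gateway and should not be trusted.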
