Enable an OPC-UA server (Kepware) to trust the SiteWise Edge gateway - Missing

Question

Hello,

**Objective **: I am exploring skills to collect the data from Kepware OPC server [ EC2-Windows] to IOT sitewise through Gateway & OPC UA source [ EC2-Linux]

As per the documentation - [https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateways-ggv2.html](), I successfully deployed & Monitoring the data from Gateway(v2) with OPCUA data source **Message security mode** as NONE..

**Problem:**
I am unsuccessful during enable of OPCUA data source **Message security mode** to **Basic256Sha256 - Sign and Encrypt..**

**Observation: **
1. I can not found the edge gateway in Kepware for enabling the OPC-UA source servers to trust the SiteWise Edge gateway.
2. I can not found the folders or certificates in Linux PC where Sitewise gateway was installed ,  to Export the OPC-UA client certificate & trust it as per the following documentation:  [https://docs.aws.amazon.com/iot-sitewise/latest/userguide/enable-source-trust.html]()

could anyone can guide me the missing points or procedure to monitor the data through **Message security mode** as **Basic256Sha256 - Sign and Encrypt..** ..

Let me know in case I need to provide more information. Thank you very much in advance for your support!

Answer

Are you able to establish a connection to that KepServer using another OPC UA Client (e.g. UAExpert) on the same node where your SW GW is?

When establishing communication between an OPC UA Client (SW Edge Gateway) and OPC UA Server (KepServerEX), it's a multi-step process if you don't manually move the certificates over.

1. Make sure that you have your endpoint with `Encryption: Basic256Sha256 - Message Mode: Sign and Encrypt` enabled on KepServerEx (OPC UA Configuration Manager -> Server Endpoints tab)
2. Export the server cert: OPC UA Configuration Manager -> Instance Certificates -> Export Server Certificate.
3. Trust the client: The certificate exchange happens automatically upon first connection (it will fail the first time, expected), but you can also do it manually. 
4. (Automatic) OPC UA Configuration Manager -> Trusted Clients tab -> click on the name of the client -> “Trust”
5. (Manual) follow the steps here https://docs.aws.amazon.com/iot-sitewise/latest/userguide/enable-source-trust.html#export-opc-ua-client-certificate to generate your `aws-iot-opcua-client-certificate.pem` and import it in the 'trusted clients'

Enable an OPC-UA server (Kepware) to trust the SiteWise Edge gateway - Missing

相關內容