'Client Settings' Editor (OPC UA)

Section	Parameter	Description
Set individual Certificate Store Names	Override Certificate Store Names	Sets whether the names for the identity stores and for the trust store can be changed (observe the note below this table). 'No' - overwriting is disabled. 'Yes' - the settings for specifying user-defined identity and trust store names become visible and can be edited. If your are using certificates other than the default stores to set up the communication with the OPC UA server, set the parameter 'Override Certificate Store Names' to 'Yes' and enter your values.
	These fields are only visible, if 'Override Certificate Store Names' = 'Yes'. By default, the following certificate and trust stores are used (the default stores are shown when you select 'Yes' in the 'Override Certificate Store Names' field).
	Self-signed identity store	Default: OPC UA Client self-signed Edit the name as required. Observe the note below the table. The identity store 'OPC UA client self-signed' is used to keep a self-signed certificate (certificate which has no Certificate Authority (CA)). The certificate is generated on first start of the OPC UA client. The certificate uses the same URLs and IP addresses that are configured for the OPC UA server. With the information stored in the identity store, the OPC UA client authenticates itself against the server, i.e., the server checks whether the communication with the OPC UA client is authorized. The certificate in this identity store is only used, if the OPC UA client identity store is empty (see the following row).
	Given identity store	Default: OPC UA Client Edit the name as required. Observe the note below the table. The identity store 'OPC UA client' can be used to provide a manually created Application Instance Certificate for the OPC UA client. The OPC UA client uses this certificate to identify itself when connecting to the OPC UA server.
	Trust store	Default: OPC UA Client Edit the name as required. Observe the note below the table. The trust store 'OPC UA client' is used to hold the certificates of the trusted servers. You have to add the certificates of all servers that the client wants to communicate with. Using the information in the trust store, the OPC UA client can verify the identity of a connecting OPC UA server by validating the authenticity of the certificates it presents.

Note For all of the settings described above, the embedded OPC UA client in the PLCnext Technology controller provides default settings which are supplied with the controller. In common cases there are no changes of these default values required in order to communicate with the OPC UA server.

Section	Parameter	Description
Session Security	Override Security Settings	Sets whether the default security checks shall be overwritten. These default checks are performed on the OPC UA client side when connecting to the OPC UA server. 'No' - default checks are performed. 'Yes' - particular security checks can be enabled/disabled individually as the various checkboxes become visible and can be edited.
	These fields are only visible, if 'Override Security Settings' = 'Yes'.
	Application Authentication	If disabled, a server certificate verification failure will be ignored when connecting to the OPC UA server.
	Application Uri Check	If disabled, an invalid server certificate application URI will be ignored. With a deactivated URI check, the connection to the OPC UA server can be established even the server's URI does not match the URI entered in the client's certificates.
	Certificate Hostname Check	If disabled, an invalid server certificate hostname will be ignored. With a deactivated hostname check, the connection to the OPC UA server can be established even the server's hostname does not match the hostname entered in the client's certificates.
	Certificate Time Check	If disabled, an invalid certificate time will be ignored. With a deactivated certificate time check, the connection to the OPC UA server can be established even the server's certificate has expired or is invalid.
	Certificate Issuer Time Check	If disabled, an invalid certificate issuer time will be ignored. With a deactivated certificate issuer time check, the connection to the OPC UA server can be established even the server's issuer certificate has expired or is invalid.
	Password Encryption Check	If disabled, the check for the ServerNonce and the PasswordEncryptionMode will be ignored.

Section	Parameter	Description
Client Timeouts	Override Session Timeouts	Sets whether the default timeout values shall be overwritten. These timeouts are used in the communication between OPC UA client and OPC UA server. 'No' - default timeout values are valid. 'Yes' - individual timeout values become visible and can be edited.
	These fields are only visible, if 'Override Session Timeouts' = 'Yes'.
	Session Timeout	Session timeout (in milliseconds) that is used by the server to support the reuse of a session after a lost connection. The server closes the session due to inactivity after the session timeout has expired.
	Connect Timeout	Session connect timeout (in milliseconds) that is used for connect calls during the connection establishment. If the server does not confirm the connection within the entered time, the connection process is aborted.
	Watchdog Timeout	Watchdog call timeout (in milliseconds) that is used as connection check and reconnect after connection errors.
	Call Timeout	General timeout (in milliseconds) for messages between the OPC UA client and OPC UA server.