Document toolboxDocument toolbox

FactoryLogix Learning

The PLC side connection

Owned by Adriane Hunt
Last updated: Jul 08, 2024 by Nathan Wallis
4 min read

About connection profiles

The Gateway is capable of establishing a bi-directional connection with a KepserverEx OPC UA server. 


Note:

At this time, only KepserverEx is supported.


The following illustration shows an example setup using bi-directional OPC-UA communication with an instance of KepserverEX.



Important

ThingWorx Kepware Server is an application that can be used as both an OPC UA server and an OPC UA client. With the installation of the application, the Kepware OPC UA Configuration Manager utility is provided for certificate management and endpoint management for OPC UA server interfaces.

ThingWorx Kepware Server is required when using the PLC-CFX Gateway—the AegisCFXcertificate must be trusted within the OPC UA Configuration Manager before connecting to the Kepware Server, otherwise the connection will fail.


ThingWorx Kepware Server has its own Trust Store where certificates are imported, exported, trusted, and untrusted. The OPC UA Configuration Manager utility allows a user to manage trusted or rejected OPC UA servers and client applications, in addition to managing instance certificates of ThingWorx Kepware Server.Add and manage connection profiles.

Add a connection profile

To establish a connection to a PLC device, the CFX Gateway uses a connection profile to connect to the entity hosting the device. The Connection Profiles area displays a list of all currently defined connection profiles and allows you to add, edit and delete profiles. 

When adding a new connection profile, you must specify a user identity mode and configure an endpoint policy.  

Important

The user identity mode and endpoint policy settings must match the security settings of the OPC-UA server you are connecting to.


  1. To add a connection profile, log into the CFX Gateway, then select Connection Profiles on the left side of the window.

    Connection Profiles dialog

  2. Select the Add Connection Profile Add Connection Profile button button on the right side of the window.



  3. Add the new connection profile information.

    The following table describes the connection profile configuration settings for a device hosted on KepserverEX.


    Property

    Description

    Name

    The name of the profile (must be unique across all defined connection profiles).

    Description

    An optional value to help identify the connection to users configuring the CFX Gateway.

    Username

    Typically, the name of a service account—not the name of a specific user.

    Password

    The password for the connection profile.

    Host

    The name or IP address of the OPC UA Server.

    Port

    TCP port through which the connection to OPC UA connection is made.



  4. Under User Identity, select Anonymous, Certificate, or Username/Password:

    • If you select Username/Password, you must enter a Username and Password.

    • If you select Certificate, you must provide a certificate (in PFX format) under Client Certificate. Use the Select Certificate button, locate and select the certificate file, then select Open.

      Important

      The certificate must be in PFX format AND must contain both a private and public key. You can use the open source tool OpenSSL if you need to convert certificates in other formats into PFX format—the PLC-CFX gateway requires PFX format.

  5. Under Endpoint Policy, select a Security Mode: None, Sign, or SignAndEncrypt.

    • For all three Security Mode options, you must supply a certificate (we supply a  default certificate that you can use or you can configure your own certificate). Certificates must be in PFX format.
    • If you select None, a certificate with a private key is not necessary.

    • If you select Sign or SignAndEncrypt, you must supply a certificate with both a private and a public key.

      Important

      Certificates may not have a password-protected private key. If you use a custom certificate in a mode that requires a private key, you must make sure your PFX file doesn’t have password protection on the private key.


  6. Under Security Algorithm,the algorithm you select must match the OPC-UA Server’s setting. (The Auto option (if available) will auto discover the server’s setting, but only if auto discovery is supported by the server).
  7. Use the Test Connection button to test your settings to ensure you have a successful connection. 

Edit a connection profile

  1. To search for a specific connection profile, use the Search Search button button in the Connection Profiles area.

    Connection Profiles dialog

  2. Use the Edit Connection Profile Edit Connection Profile button button next to a profile to modify the connection details (see the previous topic for details).




  3. Select Save to save your changes and return to the Connection Profiles area.

Delete a connection profile

  1. To delete a selected connection profile, select Connection Profiles on the left side of the window.
  2. Select the Delete Connection Profile Delete Connection Profile button button next to the profile you want to delete, then select Yes when you see the confirmation prompt to delete the profile or select No to keep the profile and return to the Connection Profiles area.


Copyright © 2024 Aegis Industrial Software Corporation. All Rights Reserved.