About connection profiles

The Gateway is capable of establishing a bi-directional connection with a KepserverEx OPC UA server. 

The following illustration shows an example setup using bi-directional OPC-UA communication with an instance of KepserverEX.

Add a connection profile

To establish a connection to a PLC device, the CFX Gateway uses a connection profile to connect to the entity hosting the device. The Connection Profiles area displays a list of all currently defined connection profiles and allows you to add, edit and delete profiles. 

When adding a new connection profile, you must specify a user identity mode and configure an endpoint policy.  

1. To add a connection profile, log into the CFX Gateway, then select Connection Profiles on the left side of the window.
   
   
   
   
2. Select the Add Connection Profile button on the right side of the window.
   
   
   
   
3. Add the new connection profile information.
   
   

   The following table describes the connection profile configuration settings for a device hosted on KepserverEX.

   
   

   Property	Description
   Name	The name of the profile (must be unique across all defined connection profiles).
   Description	An optional value to help identify the connection to users configuring the CFX Gateway.
   Username	Typically, the name of a service account—not the name of a specific user.
   Password	The password for the connection profile.
   Host	The name or IP address of the OPC UA Server.
   Port	TCP port through which the connection to OPC UA connection is made.

   
   

   
   

4. Under User Identity, select Anonymous, Certificate, or Username/Password:
   
   

   • If you select Username/Password, you must enter a Username and Password.

   • If you select Certificate, you must provide a certificate (in PFX format) under Client Certificate. Use the Select Certificate button, locate and select the certificate file, then select Open.
     
     

     Important

     The certificate must be in PFX format AND must contain both a private and public key. You can use the open source tool OpenSSL if you need to convert certificates in other formats into PFX format—the PLC-CFX gateway requires PFX format.

5. Under Endpoint Policy, select a Security Mode: None, Sign, or SignAndEncrypt.
   
   
   • For all three Security Mode options, you must supply a certificate (we supply a  default certificate that you can use or you can configure your own certificate). Certificates must be in PFX format.
   • If you select None, a certificate with a private key is not necessary.

   • If you select Sign or SignAndEncrypt, you must supply a certificate with both a private and a public key.
     
     

     Important

     Certificates may not have a password-protected private key. If you use a custom certificate in a mode that requires a private key, you must make sure your PFX file doesn’t have password protection on the private key.

     
     

6. Under Security Algorithm,the algorithm you select must match the OPC-UA Server’s setting. (The Auto option (if available) will auto discover the server’s setting, but only if auto discovery is supported by the server).
7. Use the Test Connection button to test your settings to ensure you have a successful connection. 

Edit a connection profile

1. To search for a specific connection profile, use the Search button in the Connection Profiles area.
   
   
   
   
2. Use the Edit Connection Profile button next to a profile to modify the connection details (see the previous topic for details).
   
   
   
   
   
3. Select Save to save your changes and return to the Connection Profiles area.

Delete a connection profile

1. To delete a selected connection profile, select Connection Profiles on the left side of the window.
2. Select the Delete Connection Profile button next to the profile you want to delete, then select Yes when you see the confirmation prompt to delete the profile or select No to keep the profile and return to the Connection Profiles area.