End Points Of The Opc Ua Server - Siemens SIMATIC S7-1500 Function Manual

9.3.1.2

End points of the OPC UA server

The end points of the OPC UA server define the security level for a connection. Depending
on the purpose of use or desired security level, you have to carry out the corresponding
settings for the connection at the end point.
Different security settings
Before establishing a secure connection, OPC UA clients ask the server with which security
settings connections are possible. The server returns a list with all the security settings
(endpoints) that the server offers.
Structure of end points
End points consist of the following components:
● Identifier for OPC: "opc.tcp"
● IP address: 192.168.178.151 (in the example)
● Port number for OPC UA: 4840 (standard port)
The port number can be configured.
● Security setting for messages (Message Security Mode): None, Sign, SignAndEncrypt.
● Encryption and hash procedures (Security Policy): None, Basic128Rsa15, Basic256,
Basic256Sha256 (in the example).
The following figure shows the "UA Sample Client" of the OPC Foundation.
The client has established a secure connection to the OPC UA server of an S7-1500 CPU to
the end point "opc.tcp://192.168.178.151:4840 - [SignAndEncrypt: Basic256Sha256:Binary]".
The security settings "SignAndEncrypt:Basic256Sha256" are contained in the end point.
Note
Select an endpoint with as strict as possible a security policy
Select an application-appropriate security policy for the end point and disable the less strict
security policy at the OPC UA server.
A Sha256 certificate is required for the most secure end points (Basic256Sha256) of the S7-
1500 CPU OPC UA server.
Communication
Function Manual, 11/2019, A5E03735815-AH
OPC UA communication
9.3 Using the S7-1500 as an OPC UA server
161