Product Features
...
OPC UA Server
Management
Manage OPC UA Policies
4min
You can enable and disable policies by navigating to OPC > Management and referring to the Policies section.
Important: Selections in the Authentication Management section must match the selections in the Policies section or the server will not start.
- None: No encryption type
- Basic256Sha256: 256-Bit encryption. It supports Sha256 or stronger hash algorithms for certificates.
- Basic256: 256-Bit encryption. It supports the Sha1 and Sha256 hash algorithms for certificates.
- Basic128Rsa15: 128-Bit encryption that uses RSA15 as a Key-Wrap. It supports Sha1 or stronger hash algorithms for certificates.
- Aes256_Sha256_RsaPss (available for Manufacturing Connect Edge version 3.11.0 and later)
- Aes128_Sha256_RsaOaep (available for Manufacturing Connect Edge version 3.11.0 and later)
Each security policy has two different types of message security modes:
- Sign: Manufacturing Connect Edge signs messages from the server to assure recipients that the sender is authentic and not an imposter.
- SignAndEncrypt: Manufacturing Connect Edge both signs and encrypts messages from the server to prevent any attackers from reading plain text messages from the server.
More information:
- Encryption: Makes messages impossible to read except by authorized users.
- 256 / 128 Bit: 128-bit is bank-grade encryption. 256-bit encryption is even stronger and is 1038 times harder to crack. The drawback to 256-bit is that it takes servers about 40% longer to encrypt.
- Hash algorithms: These are for generating signatures. They assure message recipients that the sender is authentic.
- Key-Wrap: An extra layer of encryption for sending messages on insecure networks or for storing messages for extended periods.
To enable or disable policies, click the toggle next to the policy.
OPC UA policy toggles
After enabling or disabling a policy, you must restart the OPC UA Server. See Manage the OPC UA Server to learn more.