Manage OPC UA Policies
You can enable and disable policies by navigating to OPC > Management and referring to the Policies section.
Important: Selections in the Authentication Management section must match the selections in the Policies section or the server will not start.
- None: No encryption.
- Basic256Sha256: 256-Bit encryption. It supports Sha256 or stronger hash algorithms for certificates.
- Basic256: 256-Bit encryption. It supports the Sha1 and Sha256 hash algorithms for certificates.
- Basic128Rsa15: 128-Bit encryption that uses RSA15 as a Key-Wrap. It supports Sha1 or stronger hash algorithms for certificates.
- Aes256_Sha256_RsaPss (available for Manufacturing Connect Edge version 3.11.0 and later)
- Aes128_Sha256_RsaOaep (available for Manufacturing Connect Edge version 3.11.0 and later)
Each security policy has two message security modes:
- Sign: Manufacturing Connect Edge signs messages from the server to assure recipients that the sender is authentic and not an imposter.
- SignAndEncrypt: Manufacturing Connect Edge both signs and encrypts messages from the server to prevent any attackers from reading plain text messages from the server.
More information:
- Encryption: Makes messages impossible to read except by authorized users.
- 256 / 128 Bit: 128-bit is bank-grade encryption. 256-bit encryption is even stronger and is 10^38 times harder to crack. The drawback to 256-bit is that it takes servers about 40% longer to encrypt.
- Hash algorithms: These are for generating signatures. They assure message recipients that the sender is authentic.
- Key-Wrap: An extra layer of encryption for sending messages on insecure networks or for storing messages for extended periods.
To enable or disable policies, click the toggle next to the policy.
![OPC UA policy toggles](https://images.archbee.com/SSUUxKZUk9bFTEPNn_6Zo/hXRxsr9Ccfw2klzt3k8RG_image.png?format=webp)
After enabling or disabling a policy, you must restart the OPC UA Server. See Manage the OPC UA Server to learn more.
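The policy and mode descriptions above, applied as an audit of the policy/mode pairs left enabled. This is an added example, not Manufacturing Connect Edge code: the function names and the sample pairs are assumptions, the SHA-1 and RSA15 flags restate the policy list on this page, and the Aes* rows and the policy URI prefix follow the OPC UA specification.

```python
# Added example (not vendor code): audit enabled OPC UA policy/mode pairs.
URI_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# policy -> (accepts SHA-1 certs, RSA15 key wrap); Aes* rows per the OPC UA spec
POLICIES = {
    "None": (False, False),
    "Basic128Rsa15": (True, True),
    "Basic256": (True, False),
    "Basic256Sha256": (False, False),
    "Aes128_Sha256_RsaOaep": (False, False),
    "Aes256_Sha256_RsaPss": (False, False),
}


def audit_endpoint(policy, mode):
    """Return the findings for one enabled policy/mode pair ([] means clean)."""
    name = policy.removeprefix(URI_PREFIX)  # accept short name or full URI
    if name not in POLICIES:
        return [f"unknown policy {name!r}"]
    if name == "None":
        return ["no signing or encryption: messages can be read and altered"]
    if mode not in ("Sign", "SignAndEncrypt"):
        return [f"invalid mode {mode!r} for policy {name}"]
    sha1, rsa15 = POLICIES[name]
    findings = []
    if mode == "Sign":
        findings.append("signed only: payload is readable on the wire")
    if sha1:
        findings.append("accepts SHA-1 certificates")
    if rsa15:
        findings.append("RSA15 key wrap")
    return findings


def audit(endpoints):
    """Map each (policy, mode) pair to its list of findings."""
    return {(p, m): audit_endpoint(p, m) for p, m in endpoints}


# Constructed sample: pairs a server might have enabled (not from a real device).
SAMPLE = [
    ("None", "None"),
    ("Basic128Rsa15", "SignAndEncrypt"),
    (URI_PREFIX + "Basic256", "Sign"),
    ("Basic256Sha256", "SignAndEncrypt"),
]

if __name__ == "__main__":
    for pair, findings in audit(SAMPLE).items():
        print(pair, "->", findings or "ok")
```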