For the communication between haul-offs and MES the OPC UA application authentication via X509 certificates shall be used. OPC UA provides functionalities for using self-signed certificates that have to be manually added to a “trust list” as well as for certificates issued by a certificate authority (CA).
The minimum requirements of the protocol level for a OPC 40084-4 compliant connection are:
- Use of (self-signed) certificates for OPC UA application authentication
- Security Policy: Basic256
- Message Security Mode: sign
NOTE: It is not fixed by this specification if the certificate includes a fixed IP address and/or the host name. However, if the certificate includes a host name, a DNS server is expected to resolve the host name. An OPC UA GDS (Global Discovery Server) can be used to manage the connections and certificates.