For the communication between haul-offs and MES the OPC UA application authentication via X509 certificates shall be used. OPC UA provides functionalities for using self-signed certificates that have to be manually added to a “trust list” as well as for certificates issued by a certificate authority (CA).

The minimum requirements of the protocol level for a OPC 40084-4 compliant connection are:

  • Use of (self-signed) certificates for OPC UA application authentication
  • Security Policy: Basic256
  • Message Security Mode: sign

NOTE: It is not fixed by this specification if the certificate includes a fixed IP address and/or the host name. However, if the certificate includes a host name, a DNS server is expected to resolve the host name. An OPC UA GDS (Global Discovery Server) can be used to manage the connections and certificates.