6 Basic security requirements

6.1 Application Security

For communication between dies and the MES, OPC UA application authentication via X.509 certificates shall be used. OPC UA supports self-signed certificates, which have to be added manually to a “trust list”, as well as certificates issued by a certificate authority (CA).

The minimum requirements at the protocol level for an OPC 40084-7 compliant connection are:

  • Use of (self-signed) certificates for OPC UA application authentication
  • Security Policy: Basic256
  • Message Security Mode: sign

NOTE: It is not fixed by this specification if the certificate includes a fixed IP address and/or the host name. However, if the certificate includes a host name, a DNS server is expected to resolve the host name. An OPC UA GDS (Global Discovery Server) can be used to manage the connections and certificates.
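One way a client could check a server's advertised endpoints against the minimum above before connecting. This is an added example, not part of the specification: the `Endpoint` class, the function names, the sample data and the weakest-first ordering of policies are assumptions of the example.

```python
from dataclasses import dataclass

PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"
# Weakest-first ordering is this example's assumption; the section only fixes the floor.
POLICY_RANK = {name: i for i, name in enumerate([
    "None", "Basic128Rsa15", "Basic256", "Basic256Sha256",
    "Aes128_Sha256_RsaOaep", "Aes256_Sha256_RsaPss"])}
MODE_RANK = {"None": 1, "Sign": 2, "SignAndEncrypt": 3}  # MessageSecurityMode

@dataclass
class Endpoint:  # hypothetical stand-in for an OPC UA EndpointDescription
    url: str
    security_policy_uri: str
    security_mode: str
    server_certificate: bytes = b""

def policy_rank(uri):  # None for a URI that is not a known policy
    return POLICY_RANK.get(uri[len(PREFIX):]) if uri.startswith(PREFIX) else None

def violations(ep):
    """Reasons an endpoint misses the section 6.1 minimum (empty = OK)."""
    problems = []
    rank = policy_rank(ep.security_policy_uri)
    if rank is None:
        problems.append("unknown security policy (rejected, fail closed)")
    elif rank < POLICY_RANK["Basic256"]:
        problems.append("security policy is below Basic256")
    if MODE_RANK.get(ep.security_mode, 0) < MODE_RANK["Sign"]:
        problems.append("message security mode is below Sign")
    if not ep.server_certificate:
        problems.append("no application instance certificate offered")
    return problems

def select_endpoint(endpoints):  # strongest compliant endpoint, or None
    ok = [e for e in endpoints if not violations(e)]
    return max(ok, default=None, key=lambda e: (
        policy_rank(e.security_policy_uri), MODE_RANK[e.security_mode]))

# Constructed sample: endpoints a server might return from GetEndpoints.
CERT, URL = b"constructed-placeholder-not-a-real-cert", "opc.tcp://die-01.example:4840"
SAMPLE = [
    Endpoint(URL, PREFIX + "None", "None"),
    Endpoint(URL, PREFIX + "Basic128Rsa15", "Sign", CERT),
    Endpoint(URL, PREFIX + "Basic256", "Sign", CERT),
    Endpoint(URL, PREFIX + "Basic256Sha256", "SignAndEncrypt", CERT),
]

if __name__ == "__main__":
    print(select_endpoint(SAMPLE))
```

Basic256 signs with SHA-1 and is marked deprecated in OPC UA 1.04 and later, which is why the selection prefers a stronger policy whenever the server offers one.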
