Parameters description in the OpcUaClientSettings-0.json configuration file

Support

Support for business applications

Kaspersky IoT Secure Gateway 100

Configuring the gateway

Configuring a connection over the OPC UA protocol

Parameters description in the OpcUaClientSettings-0.json configuration file

May 24, 2023

ID 240932

Get as PDF

The required parameters should be explicitly defined. The other parameters are optional. For optional parameters that are not included in the configuration file, the default value prescribed by the OPC UA protocol may be used.

Parameters in the OpcUaClientSettings-0.json file

Parameter name	Required parameter	Description	Possible values and notes
`id`	Yes	ID of the OPC UA client that receives data from the OPC UA server.	`0`. The value of this parameter must match the value of the `receivingHubId` parameter in the `GuideSettings-0.json` configuration file.
`name`	Yes	Name of the OPC UA client that receives data from the OPC UA server.	`<OPC UA client name>`. Example: `Kaspersky IoT Secure Gateway 100 OPC UA Client`.
`description`		Description of the OPC UA client that receives data from the OPC UA server.	`<OPC UA client description>`. Example: `Collect data from CNC by Kaspersky IoT Secure Gateway 100`.
`url`	Yes	OPC UA server address.	`<network protocol>://<host>:<port>`. Example: `opc.tcp://192.168.177.7:4840`. Port 4840 is used by default.
`readingCycle`	No	Gateway data read frequency (in seconds).	`1`. Integer no less than `0`. `0` is a special value signifying the use of the maximum frequency available to the client and server.
`security`	Yes	OPC UA client security parameter block. Contains the `mode`, `policy`, and `trustList` parameters, and the `clientPkiData` parameter block. All security-related settings of Kaspersky IoT Secure Gateway 100. You can make changes to these settings by editing the configuration files on the microSD card.	`{mode, policy, clientPkiData, trustList}` parameter block. `null`. The `security` parameter block is used to configure the communication modes, security policies, utilized certificates and encryption keys for the digital signature and data encryption. Conversion of data from readable format to encoded format. Encrypted data can be read or processed only after decryption. A value calculated with an encryption algorithm and added to data in such a way that any data recipient can use the signature to verify the origin and integrity of the data. If you do not need to configure the security parameters, enter `null` in the `security` block. The security mode will be set to `None` in this case.
`mode`	No	Mode for managing the security of the client application connection.	`Sign` mode means that the connection requires a digital signature for data. `SignAndEncrypt` mode means that the connection requires both a digital signature and data encryption. `None` mode means that the connection does not require a digital signature or data encryption. It is not recommended to use this mode because it does not ensure a secure connection between the OPC UA client and the OPC UA server. `Any` mode means that the connection will use any of the listed modes that are supported by the server: `Sign`, `SignAndEncrypt`, `None`.
`policy`	No	Name of the security policy used on the OPC UA server. Set of mechanisms and characteristics, including signature and encryption algorithms and encryption key algorithm that can ensure the security of the connection between the OPC UA server and client.	`Basic128Rsa15` `Basic256` `Basic256Sha256` `None` `Any` policy means that any of the listed policies can be used (if supported by the server). The `None` security policy is the most compatible with various types of data sources for an OPC UA connection.
`clientPkiData`	No	Parameter block containing the certificate and private encryption key of the OPC UA client for an encrypted connection.	`{certificate, privateKey}` parameter block. The `clientPkiData` parameter block must be completed even if the `None` value is set for the `mode` and `policy` fields. For secure communication over OPC UA, you will need to create a private encryption key and certificate and add them to the client and server configuration. When generating certificates for a connection between a client (Kaspersky IoT Secure Gateway 100) and the OPC UA server, make sure that the certificates comply with the following requirements: Data structure with a digital signature containing a public encryption key and the ID of the client or server. Component of a pair of encryption keys used for asymmetric encryption. Keys can be public or private. The settings of encryption keys and certificates are compliant with the selected security policy. DER or PEM format is used for certificates and encryption keys of the client. For the client certificate, the `Subject Alt Name` field contains the value `URI:urn:aprotech:KISG100:OpcUaClient`.
`certificate`	No	Certificate file name.	`opc-ua-client.crt`.
`privateKey`	No	Private encryption key file name.	`opc-ua-client.key`.
`trustList`	No	Array containing the names of trusted certificate files.	`[opc-ua-server.crt]` – one or more names of trusted certificate files for the OPC UA server. `AllowAll` – allows a connection to the OPC UA server without verifying its certificate. If the OPC UA server configuration prescribes the use of a custom list of trusted certificates, add the client certificate to this list. If certificate verification is not required, enter the `AllowAll` value for this parameter.
`userCredentials`	No	Parameter block containing the account credentials of the OPC UA client on the OPC UA server.	`{username, password}` parameter block containing the user account credentials. `null` is indicated if you want to allow an anonymous connection of the OPC UA client to the OPC UA server. In this case, you do not need to provide values for the `username` and `password`.
`username`	No	Name of the user account for authorization on the OPC UA server.	`<username>`.
`password`	No	Password of the user account for authorization on the OPC UA server.	`<password>`.
`heartbeat`	No	This parameter block is generated by the OPC UA client. It contains the parameters for the Kaspersky IoT Secure Gateway 100 heartbeat signal.	`{id, name, timeout}` parameter block. `null`. If you do not add the `heartbeat` parameter or if you enter the `null` value, heartbeat signals will not be sent.
`id`	No	Data node ID.	`0`.
`name`	No	Data node name.	`<heartbeat node name>`. Example: `Heartbeat`.
`timeout`	No	Interval (in seconds) between the generation of heartbeat signals.	`60`. An integer no less than `0` must be entered. The default value is `30`.
`nodes`	Yes	Parameter block for data nodes.	`{id, name}` parameter block. Completed for each data node. The ID and name of data nodes are required for building routes and transmitting data from the OPC UA server to the MQTT broker. A server that receives, filters, and forwards messages over the MQTT protocol.
`id`	Yes	ID of the outbound port.	`<id>`.
`name`	Yes	Name of the outbound port. This name must match the destination port `name` of one of the MQTT topics indicated in the `topics` parameter block in the `MqttPublisherSettings-0.json` configuration file. A hierarchical path to the data source used for sending messages over the MQTT protocol.	`<node name>`. Example: `Temperature`. To correctly transfer data from the OPC UA server to the MQTT broker, you need to map the OPC UA data nodes to their corresponding MQTT topics. The `name` value is used for mapping. Structural element of an OPC UA information model containing data and metadata.
`nodeId`	Yes	Data node ID.	`<namespace>, <nodeID>`.
`ns`	Yes	ID of the OPC UA server namespace.	`<namespace>`.
`nodeId`	Yes	ID of the data node in the OPC UA server namespace.	`<nodeID>`. Two types of IDs are possible: `s` (string) – string value for the data node ID. For example, `"nodeId": "ns=1;s=Variable temperature"`. `i` (numeric) – numerical value for the data node ID. For example, `"nodeId": "ns=2;i=2045"`.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.