Parameters description in the OpcUaClientSettings-0.json configuration file

Configuring the gateway > Configuring a connection over the OPC UA protocol > Parameters description in the OpcUaClientSettings-0.json configuration file

Parameters description in the OpcUaClientSettings-0.json configuration file

The required parameters should be explicitly defined. The other parameters are optional. For optional parameters that are not included in the configuration file, the default value prescribed by the

OPC UA protocol

may be used.

Parameters in the OpcUaClientSettings-0.json file

Parameter name	Required parameter	Description	Possible values and notes
`id`	Yes	ID of the OPC UA client that receives data from the OPC UA server.	`0`. The value of this parameter must match the value of the `receivingHubId` parameter in the `GuideSettings-0.json` configuration file.
`name`	Yes	Name of the OPC UA client that receives data from the OPC UA server.	`<OPC UA client name>`. Example: `Kaspersky IoT Secure Gateway 100 OPC UA Client`.
`description`		Description of the OPC UA client that receives data from the OPC UA server.	`<OPC UA client description>`. Example: `Collect data from CNC by Kaspersky IoT Secure Gateway 100`.
`url`	Yes	OPC UA server address.	`<network protocol>://<host>:<port>`. Example: `opc.tcp://192.168.177.7:4840`. Port 4840 is used by default.
`readingCycle`	No	Gateway data read frequency (in seconds).	`1`. Integer no less than `0`. `0` is a special value signifying the use of the maximum frequency available to the client and server.
`security`	Yes	OPC UA client security parameter All security-related settings of Kaspersky IoT Secure Gateway 100. You can make changes to these settings by editing the configuration files on the microSD card. block. Contains the `mode`, `policy`, and `trustList` parameters, and the `clientPkiData` parameter block.	`{mode, policy, clientPkiData, trustList}` parameter block. `null`. The `security` parameter block is used to configure the communication modes, security policies, utilized certificates and encryption keys for the digital signature A value calculated with an encryption algorithm and added to data in such a way that any data recipient can use the signature to verify the origin and integrity of the data. and data encryption Conversion of data from readable format to encoded format. Encrypted data can be read or processed only after decryption. . If you do not need to configure the security parameters, enter `null` in the `security` block. The security mode will be set to `None` in this case.
`mode`	No	Mode for managing the security of the client application connection.	`Sign` mode means that the connection requires a digital signature for data. `SignAndEncrypt` mode means that the connection requires both a digital signature and data encryption. `None` mode means that the connection does not require a digital signature or data encryption. It is not recommended to use this mode because it does not ensure a secure connection between the OPC UA client and the OPC UA server. `Any` mode means that the connection will use any of the listed modes that are supported by the server: `Sign`, `SignAndEncrypt`, `None`.
`policy`	No	Name of the security policy Set of mechanisms and characteristics, including signature and encryption algorithms and encryption key algorithm that can ensure the security of the connection between the OPC UA server and client. used on the OPC UA server.	`Basic128Rsa15` `Basic256` `Basic256Sha256` `None` `Any` policy means that any of the listed policies can be used (if supported by the server). The `None` security policy is the most compatible with various types of data sources for an OPC UA connection.
`clientPkiData`	No	Parameter block containing the certificate and private encryption key of the OPC UA client for an encrypted connection.	`{certificate, privateKey}` parameter block. The `clientPkiData` parameter block must be completed even if the `None` value is set for the `mode` and `policy` fields. For secure communication over OPC UA, you will need to create a private encryption key Component of a pair of encryption keys used for asymmetric encryption. Keys can be public or private. and certificate Data structure with a digital signature containing a public encryption key and the ID of the client or server. and add them to the client and server configuration. When generating certificates for a connection between a client (Kaspersky IoT Secure Gateway 100) and the OPC UA server, make sure that the certificates comply with the following requirements: The settings of encryption keys and certificates are compliant with the selected security policy. DER or PEM format is used for certificates and encryption keys of the client. For the client certificate, the `Subject Alt Name` field contains the value `URI:urn:aprotech:KISG100:OpcUaClient`.
`certificate`	No	Certificate file name.	`opc-ua-client.crt`.
`privateKey`	No	Private encryption key file name.	`opc-ua-client.key`.
`trustList`	No	Array containing the names of trusted certificate files.	`[opc-ua-server.crt]` – one or more names of trusted certificate files for the OPC UA server. `AllowAll` – allows a connection to the OPC UA server without verifying its certificate. If the OPC UA server configuration prescribes the use of a custom list of trusted certificates, add the client certificate to this list. If certificate verification is not required, enter the `AllowAll` value for this parameter.
`userCredentials`	No	Parameter block containing the account credentials of the OPC UA client on the OPC UA server.	`{username, password}` parameter block containing the user account credentials. `null` is indicated if you want to allow an anonymous connection of the OPC UA client to the OPC UA server. In this case, you do not need to provide values for the `username` and `password`.
`username`	No	Name of the user account for authorization on the OPC UA server.	`<username>`.
`password`	No	Password of the user account for authorization on the OPC UA server.	`<password>`.
`heartbeat`	No	This parameter block is generated by the OPC UA client. It contains the parameters for the Kaspersky IoT Secure Gateway 100 heartbeat signal.	`{id, name, timeout}` parameter block. `null`. If you do not add the `heartbeat` parameter or if you enter the `null` value, heartbeat signals will not be sent.
`id`	No	Data node ID.	`0`.
`name`	No	Data node name.	`<heartbeat node name>`. Example: `Heartbeat`.
`timeout`	No	Interval (in seconds) between the generation of heartbeat signals.	`60`. An integer no less than `0` must be entered. The default value is `30`.
`nodes`	Yes	Parameter block for data nodes.	`{id, name}` parameter block. Completed for each data node. The ID and name of data nodes are required for building routes and transmitting data from the OPC UA server to the MQTT broker A server that receives, filters, and forwards messages over the MQTT protocol. .
`id`	Yes	ID of the outbound port.	`<id>`.
`name`	Yes	Name of the outbound port. This name must match the destination port `name` of one of the MQTT topics A hierarchical path to the data source used for sending messages over the MQTT protocol. indicated in the `topics` parameter block in the `MqttPublisherSettings-0.json` configuration file.	`<node name>`. Example: `Temperature`. To correctly transfer data from the OPC UA server to the MQTT broker, you need to map the OPC UA data nodes Structural element of an OPC UA information model containing data and metadata. to their corresponding MQTT topics. The `name` value is used for mapping.
`nodeId`	Yes	Data node ID.	`<namespace>, <nodeID>`.
`ns`	Yes	ID of the OPC UA server namespace.	`<namespace>`.
`nodeId`	Yes	ID of the data node in the OPC UA server namespace.	`<nodeID>`. Two types of IDs are possible: `s` (string) – string value for the data node ID. For example, `"nodeId": "ns=1;s=Variable temperature"`. `i` (numeric) – numerical value for the data node ID. For example, `"nodeId": "ns=2;i=2045"`.

Article ID: 240932, Last review: May 24, 2023

Page top