OPC UA requires every participating server or client to have a certificate. Certificates are authenticated according to one of the four OPC UA Security Tiers:
Tier 1 - No Authentication means an OPC UA client can connect to an OPC UA server with any certificate. Neither the client nor the server authenticates the certificate of the other.
Tier 2 - Server Authentication means that the OPC UA client will check the OPC UA server's certificate against its trust list of accepted certificates, and only connect to the server if its certificate is on the list. However, the server does not check its trust list for client connections.
Tier 3 - Client Authentication means that the OPC UA server will check the OPC UA client's certificate against its trust list, and only allow a connection from the client if its certificate is on the list. However, the client does not check its trust list for server connections.
Tier 4 - Mutual Authentication means that both the OPC UA server and OPC UA client will check each other's certificate against their respective trust lists, and the connection will only be allowed if each certificate appears in the appropriate trust list.
The Cogent DataHub program supports all of these. The OPC UA server configuration has a Manage Certificates feature where you can search through client certificates and view, accept, reject, or delete them. The OPC UA client configuration allows you to select a user token type (see below), and then enter a username and password, or certificate, as appropriate.
Anonymous - The UA server allows any user to connect.
User Name - The UA server requires a user name and password.
Another Certificate - The UA server requires a certificate other than your DataHub instance's own certificate.
My Certificate - The UA server allows you to use your DataHub instance's own certificate.
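The four security tiers described above, modelled as trust-list checks to show which untrusted peer each tier still lets through. This is an added example, not DataHub code: the function names, the placeholder certificate bytes, and the use of a set of SHA-256 thumbprints as a trust list are assumptions made for illustration.

```python
import hashlib

def thumbprint(cert_der: bytes) -> str:
    """SHA-256 thumbprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).hexdigest()

# Which side consults its trust list in each tier:
# (client checks server certificate, server checks client certificate)
TIER_CHECKS = {
    1: (False, False),  # No Authentication
    2: (True, False),   # Server Authentication
    3: (False, True),   # Client Authentication
    4: (True, True),    # Mutual Authentication
}

def connection_allowed(tier, client_cert, server_cert, client_trust, server_trust):
    """Return (allowed, reason) for one connection attempt under the given tier."""
    client_checks, server_checks = TIER_CHECKS[tier]
    if client_checks and thumbprint(server_cert) not in client_trust:
        return False, "client rejected server certificate"
    if server_checks and thumbprint(client_cert) not in server_trust:
        return False, "server rejected client certificate"
    return True, "connected"

# Constructed placeholder bytes stand in for real DER certificates.
PLANT_SERVER = b"constructed-cert:plant-server"
HMI_CLIENT = b"constructed-cert:hmi-client"
UNKNOWN_SERVER = b"constructed-cert:unknown-server"
UNKNOWN_CLIENT = b"constructed-cert:unknown-client"

CLIENT_TRUST = {thumbprint(PLANT_SERVER)}  # server certificates the client accepts
SERVER_TRUST = {thumbprint(HMI_CLIENT)}    # client certificates the server accepts

def untrusted_peers_accepted(tier):
    """List which untrusted peers would still get a connection under this tier."""
    accepted = []
    if connection_allowed(tier, HMI_CLIENT, UNKNOWN_SERVER, CLIENT_TRUST, SERVER_TRUST)[0]:
        accepted.append("unknown server")
    if connection_allowed(tier, UNKNOWN_CLIENT, PLANT_SERVER, CLIENT_TRUST, SERVER_TRUST)[0]:
        accepted.append("unknown client")
    return accepted

if __name__ == "__main__":
    for tier in sorted(TIER_CHECKS):
        print(f"Tier {tier}: untrusted peers accepted -> {untrusted_peers_accepted(tier) or 'none'}")
```

Only Tier 4 returns an empty list: every other tier leaves at least one side accepting a certificate that is on nobody's trust list.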
A security policy determines how an OPC UA server and OPC UA client sign and encrypt messages. The Cogent DataHub program supports these security policies: