Configuring with the WBM
7.3 The menu items of the WBM
SIMATIC RF600
Configuration Manual, 11/2018, C79000-G8976-C386-07
Allow anonymous access
If the check box is selected, the reader allows anonymous users access to the data of its OPC UA server.
Anonymous users do not need to specify a user name/password when establishing a connection. If anonymous access is not allowed, an OPC UA client or a user must provide a valid user name/password combination of a user with OPC UA rights. A user with OPC UA rights can be created via the WBM. The user profile preinstalled in the factory (user name: "admin", password "admin")
Generate OPC UA server certificate
Button for creating an OPC UA server certificate.
Among other things, the server certificate identifies the OPC UA server to the OPC UA client.
The OPC UA server certificate contains the application name, the security profile and the IP address of the reader. If any part of this information is changed, the server certificate needs to be recreated.
Note: The procedure can take several minutes.
Validate certificates
If the check box is selected, the reader generally checks the certificate of the communications partner. If the partner certificate is invalid or not trustworthy, communication is aborted.
Accept expired certificates
If the check box is selected, the reader checks the certificate of the communications partner. If the current internal reader time is outside the period of validity of the partner certificate, this is nevertheless allowed and communication
No strict validation
If the check box is selected, the reader also allows communication in the following situations:
• The IP address of the communications partner is not identical to the IP address in its certificate.
  Note: The OPC UA server does not check the IP address of its communications partner (client).
• The usage stored in the certificate (OPC UA client/server) differs from the function (OPC UA client/server) of the communications partner.
• The current internal reader time is outside the period of validity of the partner certificate.
Regardless of these exceptions, at least the following requirements must be met to establish a connection:
• The application URI sent by the requesting client must match the URI of the server application of the reader.
• If the partner certificate is not trustworthy, the reader must at least have stored a self-signed certificate of the partner.
• If the partner certificate was issued by several CAs (Certification Authorities), all CAs must be stored in the certificate store of the reader.
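How the three certificate check boxes described above combine can be modelled in a few lines; this is an added example, not code from the manual or from the reader firmware. All class, field and function names are hypothetical, the sample data is constructed, and treating a cleared "Validate certificates" box as "no checks at all" is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass
class Settings:                 # the three WBM check boxes
    validate: bool = True
    accept_expired: bool = False
    no_strict: bool = False

@dataclass
class Partner:                  # attributes of a partner and its certificate
    subject: str
    issuers: tuple              # issuing CAs; empty if self-signed
    cert_ip: str                # IP address in the certificate
    peer_ip: str                # IP address the partner actually uses
    usage: str                  # "client"/"server" stored in the certificate
    role: str                   # function the partner actually has
    not_before: datetime
    not_after: datetime
    sent_app_uri: str

def decide(s, p, store, reader_uri, now):
    """Return (allowed, reasons); store holds names of trusted certificates."""
    if not s.validate:          # assumption: unchecked means no checks at all
        return True, ["certificate validation disabled"]
    reasons = []
    # Requirements that hold regardless of the relaxations.
    if p.role == "client" and p.sent_app_uri != reader_uri:
        reasons.append("application URI mismatch")
    ca_ok = bool(p.issuers) and all(ca in store for ca in p.issuers)
    if not (ca_ok or p.subject in store):
        reasons.append("not trusted: CA or self-signed certificate not stored")
    # Checks that the check boxes can relax.
    in_period = p.not_before <= now <= p.not_after
    if not in_period and not (s.accept_expired or s.no_strict):
        reasons.append("outside validity period")
    # The reader's server does not check a client's IP address.
    if p.role == "server" and p.cert_ip != p.peer_ip and not s.no_strict:
        reasons.append("IP address differs from certificate")
    if p.usage != p.role and not s.no_strict:
        reasons.append("certificate usage differs from partner function")
    return not reasons, reasons

# Constructed sample: a client with an expired certificate marked for server use.
NOW = datetime(2024, 1, 1)
SAMPLE = Partner("hmi-1", ("Plant CA",), "192.0.2.10", "192.0.2.99", "server",
                 "client", datetime(2020, 1, 1), datetime(2023, 1, 1), "urn:reader")
STORE = {"Plant CA"}
```

Calling `decide(Settings(no_strict=True), SAMPLE, STORE, "urn:reader", NOW)` accepts the sample, while the same call with an empty store rejects it, which is the trust requirement that "No strict validation" does not lift.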