- HMI Model: CMT3162x
- EasyBuilder Pro Version: 6.02.02.322
- Serial Number or supplier: HH Barnum
I am trying to communicate with a Huber Heater via OPC UA communication. I looked through the manual, where the Huber will be the server and CMT will be the client.
Inside of the HMI, System Parameters, New Device → I selected the OPC UA Client, Security Authentication, then can click the magnifying glass in the top right. It seems the device, selecting and bring in the security policy/message security mode automatically.
However, the Huber heater generates a .CRT certificate key compared to the only being able to import a .DER into the advanced settings.
- Am I missing something here? Is there a way to import this .CRT file instead?
- When I try to connect to go to tag manager, it says connection fault, which I am assuming because the certificates don’t import?
Within the Authentication section, if you select the “Certificate, Private key”, you have to generate your own private key and certificate for the Weintek OPC UA Client. The easier alternative is to select the “User name, Password” if your OPC UA server allows you to setup a credential for a OPC UA client.
When you try to connect to go to tag manager, it says connection fault. In this case you probably have to ask the OPC UA server to trust the Weintek OPC UA client by using the server’s OPC UA configuration interface.
Good morning @TimWusa,
It does not seem like I can find documentation on if the Huber’s can support Username/Password, only finding certificates or unencrypted. I do believe you are correct on the OPC UA needing to trust each others, as the manuals below call for the Huber’s Certificate to be imported into the client, and a client certificate imported into the Huber.
Is there step-by-step instructions on how to create these certificates from the Weintek CMT to be exported? I had found the instructions for OPC UA Client using Unified Automation UaExpert but not sure how this correlates to the HMI.
Links from Huber:
http://www.huber-usa.com/download/manuals/Handbuch_Datenkommunikation_PB_en.pdf
Unfortunately, I think our OPC UA Client driver does not have a way to import a server certificate within EasyBuidler Pro.
If you select either “Anonymous” or “User name, Password”, the Weintek HMI that acts as a OPC UA Client will automatically create its client certificate before it starts to talk to the Server. A regular OPC UA Server will ask the Client to send the client certificate to itself. Once completed, you have the right to trust the client certificate by a user interface within a programming IDE or web server (usually users don’t need to manually copy the client certificate by a USB stick and transfer it into the server. Most Servers are able to pull out the client certificate via ethernet)
The OPC UA Client driver needs access to the OPC UA server certificate as well. When the Client tries to build a connection, the certificate swap must occur before the connection is made. I believe our OPC UA Client will trust the server certificate automatically if it successfully receives the server certificate via ethernet.
Perhaps you could consider Modbus TCP communication as a solution.
