
# Twin Config

***Twin Configuration***\
To set up a connection to OPC servers, the connection properties must be configured in the OPC Module Twin, under a key named "OpcConfigurations". For each OPC server, the following properties must be specified:

* **EndpointId**: The Endpoint name, a custom name that identifies the server. The Tag Configuration refers to the Endpoint by this Id when setting up data retrieval. It is required, since multiple OPC UA servers are supported in Publisher mode.
* **EndpointUrl**: The URL to the OPC UA server.
* **Authentication**: Possible values are Anonymous (no security) and UsernamePassword (user/pass security).

If the OPC UA server requires a secure TLS connection, an X509 application certificate is required to secure the communication between the OPC UA client and server. This is independent of the authentication method: Anonymous authentication can still require a secure connection if the OPC UA server requires it.

The OPC UA Client supports both **Sign** and **Sign\&Encrypt** security modes, and the following security policies:

* Basic128Rsa15
* Basic256
* Basic256Sha256
* Aes128Sha256RsaOaep

**NB: The OPC UA client does not currently support the Aes256\_Sha256\_RsaPss security policy.**

It is possible to configure the application certificate manually in the twin configuration, but if it is not defined, a self-signed certificate is automatically generated.\
The application certificate can be defined in an extra configuration field containing the certificate payload. The certificate filename and id relate to where the certificate is stored in the Azure Key Vault.

**NB: The application certificate must be trusted by the OPC UA server. By default, new certificates are rejected, so whenever the certificate changes it must be manually trusted on the server, whether it was automatically generated or defined in the twin.**

The OPC UA client will automatically generate a new self-signed certificate when the old certificate expires. However, the new certificate needs to be trusted by the OPC UA server to take effect. A warning will be logged 14 days before expiry.

The following examples show the module twin desired configuration settings for the different security models:

**Anonymous security example**

```
"opcConfigurations": {
  "testServer1": {
    "id": "TestServer1",
    "endpointUrl": "opc.tcp://opcuademo.sterfive.com:26543",
    "endpointId": "TestServer",
    "authentication": "Anonymous"
  }
}
```

**UsernamePassword example**\
When using UsernamePassword security, a username and password must be issued.

```
"opcConfigurations": {
  "testServer1": {
    "id": "TestServer1",
    "endpointUrl": "opc.tcp://opcuademo.sterfive.com:26543",
    "endpointId": "TestServer",
    "authentication": "UsernamePassword",
    "username": "user",
    "password": "password"
  }
}
```

**Setting the Application Certificate example**\
If the OPC UA server requires secure communication, an application certificate must be issued. The `certificatePayload` field must contain the payload of the certificate. The certificate filename and id are used for identification in relation to the management portal, and are not required when configuring manually. The certificate payload must include the private key, and must be saved as either a base64 or UTF8 encoded string.

```
"opcConfigurations": {
  "testServer1": {
    "id": "TestServer1",
    "endpointUrl": "opc.tcp://opcuademo.sterfive.com:26543",
    "endpointId": "TestServer",
    "authentication": "UsernamePassword",
    "username": "user",
    "password": "password",
    "certificate": {
      "certificateFilename": "certificate.cer",
      "id": "9cd55993-0be0-4dd8-ab43-ad3693cf5f11",
      "certificatePayload": "MIIDqTCCApGgAwIB.....D45KaB3DNUqtMsauLYPDO3jn83Q="
    }
  }
}
```

If the application certificate is not defined in the twin configuration, a self-signed application certificate is automatically generated.
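
The rules on this page can be checked before a twin is deployed. The following Python audit of an `opcConfigurations` block is an added example, not part of the Nexus documentation or product code; the function name, severity labels, sample hosts and the unique-`endpointId` rule are assumptions of this example.

```python
ALLOWED_AUTH = {"Anonymous", "UsernamePassword"}  # the two values this page lists
REQUIRED = ("endpointId", "endpointUrl", "authentication")

def audit_opc_configurations(twin):
    """Return (server_key, severity, message) findings for an opcConfigurations block."""
    findings, seen_ids = [], {}
    for key, cfg in twin.get("opcConfigurations", {}).items():
        def add(severity, message, key=key):
            findings.append((key, severity, message))
        for field in REQUIRED:
            if not cfg.get(field):
                add("error", f"missing required property '{field}'")
        auth = cfg.get("authentication")
        if auth and auth not in ALLOWED_AUTH:
            add("error", f"unsupported authentication value '{auth}'")
        elif auth == "Anonymous":
            add("warn", "Anonymous: the server is not given any user credentials")
        elif auth == "UsernamePassword":
            if cfg.get("username") and cfg.get("password"):
                add("warn", "password is stored as plain text in the twin")
            else:
                add("error", "UsernamePassword needs both username and password")
        cert = cfg.get("certificate")
        if cert is None:
            add("info", "no certificate: self-signed one is generated; trust it on the server")
        elif cert.get("certificatePayload"):
            add("warn", "certificatePayload holds the private key inside the twin")
        else:
            add("error", "certificate block has no certificatePayload")
        # Assumption: endpointId must be unique, since tag configuration refers to it.
        eid = cfg.get("endpointId")
        if eid and eid in seen_ids:
            add("error", f"endpointId '{eid}' already used by '{seen_ids[eid]}'")
        elif eid:
            seen_ids[eid] = key
    return findings

# Constructed sample twin fragment (hosts and names are made up for this example).
SAMPLE = {"opcConfigurations": {
    "lineA": {"endpointId": "LineA", "endpointUrl": "opc.tcp://plc-a.example:4840",
              "authentication": "Anonymous"},
    "lineB": {"endpointId": "LineA", "endpointUrl": "opc.tcp://plc-b.example:4840",
              "authentication": "UsernamePassword", "username": "svc-opc"},
    "lineC": {"endpointId": "LineC", "endpointUrl": "opc.tcp://plc-c.example:4840",
              "authentication": "Certificate",
              "certificate": {"certificatePayload": "placeholder-not-a-real-key"}}}}
if __name__ == "__main__":
    for server, severity, message in audit_opc_configurations(SAMPLE):
        print(f"{severity:5} {server}: {message}")
```

The `warn` findings mark secrets that live in the twin's desired properties, so access to the twin should be restricted to the same degree as access to the OPC UA server credentials.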


