OPC UA connection properties

When you set up an OPC UA connection, you must configure the connection properties.
The following table describes the OPC UA connection properties:
Property
Description
Connection Name
Name of the connection.
The name is not case sensitive and must be unique within the domain. You can change this property after you create the connection. The name cannot exceed 128 characters, contain spaces, or contain the following special characters: ~ ` ! $ % ^ & * ( ) - + = { [ } ] | \ : ; " ' < , > . ? /
Description
Optional. Description of the connection.
The description cannot exceed 4,000 characters.
Type
The OPC UA connection type.
Runtime Environment
Name of the runtime environment where you want to run the tasks.
Endpoint URL
The unique URL to connect to the OPC UA server.
The endpoint URL identifies the specific instance of a server and a security policy type. A valid endpoint URL consists of the endpoint type (opc.tcp), the endpoint host name (IP address, URL, or DSN), and the endpoint port number.
For example, opc.tcp://opcuaserver.com:48010
Security Policy
The security policy used to connect to the OPC UA server.
The security policy parameters specify the security algorithms that the OPC UA server supports.
You can choose one of the following security policies:
  • None. No security provided.
  • Basic128Rsa15
  • Basic256
  • Basic256Sha256
  • Aes128_Sha256_RsaOaep
  • Aes256_Sha256_RsaPss
Note: The OPC Foundation deprecated the Basic128Rsa15 and Basic256 security policies as of OPC UA specification version 1.04. The encryption provided by these policies is less secure. Use these security policies only to provide backward compatibility.
Security Mode
The security mode used to connect to the OPC UA server.
The security mode is valid only when the security policy is not set to None. You can choose one of the following security modes:
  • Sign. Transfer unencrypted data, but with digital signatures that allow verification of data integrity.
  • SignAndEncrypt. Transfer signed and encrypted data.
Application URI
Optional. A unique identifier that the OPC UA application can use to connect to the OPC UA server.
Enter a unique ID in the following format:
urn:aaa:bbb
For example, urn:nifi:opcua
The unique identifier must match the URI of the Subject Alternative Name of your OPC UA client certificate.
Client Keystore Location
Optional. Absolute path and file name of the keystore file that contains private keys and certificates for the OPC UA server.
Enter the path in the following format:
/root/opcua/client.jks
The keystore must contain only one keypair entry of private key and certificate. If multiple keypair entries exist, the first entry is used.
Client Keystore Password
Optional. Password for the client keystore.
Require server authentication
Optional. Enable if you require server authentication of client certificates, client authentication of server certificates, or both.
Trust store Location
Optional. The absolute path of the truststore file that contains the trusted certificate.
Enter the path in the following format:
/root/opcua/trust.jks
Trust store Password
Password for the truststore file.
Authentication Policy
Authentication settings required to establish the connections.
You can choose one of the following authentication policies:
  • Anon. Anonymous authentication. Anonymous tokens are associated with servers that do not require user authentication.
  • UserName. User name and password tokens are associated with servers with any password-based system, such as Windows.
User Name
User name to access the OPC UA server if you choose UserName as the authentication policy.
Password
Password to access the OPC UA server if you choose UserName as the authentication policy.
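
A pre-deployment check of the properties in this table, added here as an example and not part of the product or its documentation. The function name, the dict keyed by the property names above, and the sample values are assumptions made for illustration; the rules come from the table.

```python
from urllib.parse import urlsplit
# Characters the table forbids in Connection Name, plus the space character.
FORBIDDEN = set("~`!$%^&*()-+={[}]|\\:;\"'<,>.?/ ")
DEPRECATED = {"Basic128Rsa15", "Basic256"}  # deprecated as of OPC UA 1.04
POLICIES = DEPRECATED | {"None", "Basic256Sha256", "Aes128_Sha256_RsaOaep", "Aes256_Sha256_RsaPss"}

def audit_connection(props):
    """Return findings for a dict keyed by the property names in the table."""
    out = []
    name = props.get("Connection Name", "")
    if not name or len(name) > 128 or FORBIDDEN & set(name):
        out.append("Connection Name: empty, over 128 chars, or forbidden character")
    url = urlsplit(props.get("Endpoint URL", ""))
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if url.scheme != "opc.tcp" or not url.hostname or port is None:
        out.append("Endpoint URL: expected opc.tcp://<host>:<port>")
    policy, mode = props.get("Security Policy", ""), props.get("Security Mode")
    if policy not in POLICIES:
        out.append(f"Security Policy: unknown value {policy!r}")
    elif policy == "None":
        out.append("Security Policy: None provides no security")
        if mode:
            out.append("Security Mode: valid only when Security Policy is not None")
    else:
        if policy in DEPRECATED:
            out.append(f"Security Policy: {policy} is deprecated")
        if mode == "Sign":
            out.append("Security Mode: Sign transfers unencrypted data")
        elif mode != "SignAndEncrypt":
            out.append("Security Mode: must be Sign or SignAndEncrypt")
    auth = props.get("Authentication Policy")
    if auth == "Anon":
        out.append("Authentication Policy: Anon means no user authentication")
    elif auth != "UserName":
        out.append("Authentication Policy: must be Anon or UserName")
    elif not (props.get("User Name") and props.get("Password")):
        out.append("Authentication Policy: UserName needs User Name and Password")
    uri = props.get("Application URI")
    if uri and not uri.startswith("urn:"):
        out.append("Application URI: expected the urn:aaa:bbb format")
    return out

# Constructed sample: a legacy-style configuration, not taken from a real system.
SAMPLE = {"Connection Name": "plant opcua", "Endpoint URL": "opc.tcp://opcuaserver.com:48010",
          "Security Policy": "Basic128Rsa15", "Security Mode": "Sign",
          "Authentication Policy": "Anon", "Application URI": "urn:nifi:opcua"}
```

Calling `audit_connection(SAMPLE)` reports the space in the connection name, the deprecated policy, the Sign mode, and the anonymous authentication policy.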