Ewon Technical Forum

Ewon Technical Forum > Development > Ewon Embedded Technology > Field Data Acquisition > OPC UA server certificate problem Flexy 205(client) <-> S7-1200(server)
Full Version: OPC UA server certificate problem Flexy 205(client) <-> S7-1200(server)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

nro

02-05-2023, 10:20 AM
(02-05-2023, 09:29 AM)Shiroj Wrote: [ -> ]
(04-07-2022, 08:55 AM)simon Wrote: [ -> ]It has not been planned yet but I have added your comment in my report.
Hope it will increase the priority of this topic.
I will keep you updated.

Are there any updates on this issue?
I currently have the same problem and have tried all the steps.
As suggested here.

I'm also wondering and waiting...

simon

02-05-2023, 02:00 PM
Hi,

Indeed, no news from the R&D for this issue unfortunately.
I will inform the Product Management team about your requests

Christophe_ushin

26-05-2023, 03:10 PM
(02-05-2023, 02:00 PM)simon Wrote: [ -> ]Hi,

Indeed, no news from the R&D for this issue unfortunately.
I will inform the Product Management team about your requests

Hello Simon,

From my side, I want put in place OPC-UA com with Siemens PLC in few weeks / months.
So ..., is there some news about this certificate problem ?

Thanks.

simon

30-05-2023, 12:58 PM
Hi,

It is still in our short list.
Btw :
- the issue only appears when "secure" OPCUA is used. So maybe not a problem for you, Christophe ?
- did someone try to give more percentage to the comm task in the CPU settings ?

Christophe_ushin

08-06-2023, 02:51 PM
(30-05-2023, 12:58 PM)simon Wrote: [ -> ]Hi,

It is still in our short list. 
Btw :
- the issue only appears when "secure" OPCUA is used.  So maybe not a problem for you, Christophe ?
- did someone try to give more percentage  to the comm task in the CPU settings ?

Hi Simon,

I will start with non secure OPC-UA com.
But in the future, I want to switch on secure com.

About, more percentage to the comm taks in the CPU settings, it's a setup I will try.

Christophe.

simon

11-06-2023, 08:54 PM
Hi Christophe,

Good to hear that.

Please let me know if the CPU %age option improve the situation :-)

c.cramer

07-03-2024, 10:20 AM
(11-06-2023, 08:54 PM)simon Wrote: [ -> ]Hi Christophe,

Good to hear that.

Please let me know if the CPU %age option improve the situation  :-)

Hello,

We are also starting to setup data acquisition for our Siemens PLC's. We have a few cases working but we are looking into upgrading the security. So I set up a OPC UA server on a S7-1200 and with no security options enabled, connection was established with the eWon. But after setting the security settings to "Basic256Sha256 - Sign & Encrypt" and setting up al the certificates the right way, the eWon refuses to establish connection with the error BadTimeOut.

So I downloaded UAexpert and got a sign of life pretty quick, but it was giving the BadTimeOut error. Following the Siemens Support page: Siemens Support, I increased the CPU's cycle load due to communication to the maximum 50%, and in UAexpert I increased the connect timeout setting. After this, the communication between UAexpert and the S7-1200 OPC server worked as expected.

Increasing the cycle load did however not help to establish connection to the server with the eWon flexy. We are really hoping to get this OPC UA connection working. So we are interested if and when the eWon will have the option to increase the timeout setting. Mainly to get the communication working, but also to lower the CPU cycle load time again as it is not desired to have this so high.

Best regards,

Colin Cramer
Beemster Electrical Solutions

nro

11-03-2024, 07:38 AM
Hi,

I guess you used the latest firmware 14.8s0?
According to the release notes the timeout is increased to work better with S7 PLC's.

I've done some tests with an S7-1211 (FW4.4) the other week.
Using the self signed certificate that TIA creates when the OPC UA server is enabled in the CPU settings works (for me) with "Basic256Sha256 - Sign & Encrypt".

However, if the global security settings for the certificate manager are enabled in TIA and the TIA CA certificate is selected in the CPU settings, the error messages BadCertificateChainIncomplete and/or CertificateValidation are generated in the Flexy.
The result is the loop where the PLC certificate is received as Rejected in the Flexy, and when marked as Trusted it gets moved to trusted certificates but upon refresh the same certificate arrives again as Rejected.
Perhaps I've missed something or maybe this is related to the CA certificate from TIA.

To be able to use the "Trusted clients" security feature of the CPU, the global security settings for the certificate manager must be enabled in TIA, and if not it is not possible to restrict which clients are allowed to connect, I think.

simon

13-03-2024, 11:31 AM
Thx Nro!!!
"According to the release notes the timeout is increased to work better with S7 PLC's." --> Indeed with 14.8s0 it should work.
Pages: 1 2
Ewon Technical Forum > Development > Ewon Embedded Technology > Field Data Acquisition > OPC UA server certificate problem Flexy 205(client) <-> S7-1200(server)