Security policies and certificates

Goal

Enable secure endpoints and configure certificates for your scripted OPC UA server.

Add security settings

Extend your server options with security policies and modes:

const server = new opcua.OPCUAServer({
    port: msg.port || 4840,
    nodeset_filename: [opcua.nodesets.standard],
    serverInfo: {
        applicationUri: `urn:${msg.endpoint}`,
        productUri: "MyOPCUAServer",
        applicationName: { text: "MyOPCUAServer", locale: "en-US" },
        isOnline: true
    },
    securityPolicies: [
        opcua.SecurityPolicy.None,
        opcua.SecurityPolicy.Basic256Sha256
    ],
    securityModes: [
        opcua.MessageSecurityMode.None,
        opcua.MessageSecurityMode.Sign,
        opcua.MessageSecurityMode.SignAndEncrypt
    ]
});

Use your own certificates

If you want to use specific certificate files, provide them in the options:

const server = new opcua.OPCUAServer({
    // ...other settings...
    certificateFile: "./pki/server_certificate.pem",
    privateKeyFile: "./pki/server_key.pem"
});

Notes

• Certificates are required for Sign and SignAndEncrypt endpoints.
• You can use the default NodeOPCUA PKI or provide your own files.

Next step

Continue with a structured namespace layout.

Further reading

For more tips and examples, see the Sterfive book node-opcua by example.