We are planning to use UaGateway (testing v1.5.9 trial) to reach an external OPC UA server with certificate and username/password authentication. Its contents will be published by UaGateway locally for internal OPC UA clients.
The use of certificates between the external server and our clients should become simplified, as our clients only need to be authenticated by UaGateway, and not the external server (that we have no control over).
Some questions regarding this server aggregation:
- I noticed when connecting to a test server that the server certificate is not added in the certificate store in the administrative tool of UaGateway. Is certificates of servers that UaGateway connects to handled automatically and not configurable, such as for clients connecting to UaGateway?
- We may aggregate multiple external servers from different partners. If the certificate of an underlying server is trusted by UaGateway, could it connect to UaGateway as a client? I suspect not since it is not visible in the certificate store, and I assume the client and server part of UaGateway is separate in this regard. However, the external certificate seems to be valid for both client and server usage.
- How do you configure logon to UaGateway UA endpoints with username/password? Can a client connecting to UaGateway only access some of the aggregated servers there by using username/password as part of the authentication, or will all underlying servers be available for all connected clients?
Thank you for all answers!