OPC UA Client

Available when using an authoring Data Collector version 5.0.0 or later.

To create an OPC UA Client connection, the Basic stage library, streamsets-datacollector-basic-lib, must be installed on the selected authoring Data Collector.

For a description of the OPC UA Client connection properties, see OPC UA Client Connection Properties.

After you create an OPC UA Client connection, you can use the connection in the following stage:

Engine Stage
Data Collector 5.0.0 or later OPC UA Client origin

OPC UA Client Connection Properties

When creating an OPC UA Client connection, configure the following properties on the OPC UA tab:

OPC UA Property Description
Resource URL OPC UA resource URL to use.
Override Host Overrides the host name returned from the OPC UA server with the host name configured in the Resource URL.

Enable this property when the OPC UA server returns an internal host name that the origin cannot access. When enabled, the origin uses the retrieved endpoint information returned from the OPC UA server, but overrides the returned host name with the host name configured in the Resource URL.

Use Username and Password Connects to the OPC UA server with the user name and password specified on the Security tab.

If not selected, the origin connects to the OPC UA server anonymously.

Optionally, configure the following properties on the Security tab:

Security Property Description
Application URI Application URI to use for contact with the OPC UA server. Enter a unique ID that begins with urn as follows:
urn:<application URI>
This name can appear in reporting tools to identify the application that sent a request.
Security Policy The security policy to use. Select one of the following policies:
  • Basic128Rsa15
  • Basic 256
  • Basic256Sha256
  • None

When using a security policy, enable TLS and configure the associated properties.

Client Private Key Alias Optional private key alias to use.
Username User name to use when connecting with the OPC UA server.

Available when Use Username and Password is enabled on the OPC UA tab.

Password Password to use when connecting with the OPC UA server.

Available when Use Username and Password is enabled on the OPC UA tab.

Use TLS Enables the use of TLS.
Use Remote Keystore Enables loading the contents of the keystore from a remote credential store or from values entered in the stage properties.

For more information, see the Data Collector documentation.

Private Key Private key used in the remote keystore. Enter a credential function that returns the key or enter the contents of the key.

For more information about credential functions, see the Data Collector documentation.

Certificate Chain Each PEM certificate used in the remote keystore. Enter a credential function that returns the certificate or enter the contents of the certificate.

Using simple or bulk edit mode, click the Add icon to add additional certificates.

For more information about credential functions, see the Data Collector documentation.

Keystore File Path to the local keystore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory: ${runtime:resourcesDirPath()}/keystore.jks

By default, no keystore is used.

Keystore Type Type of keystore to use. Use one of the following types:
  • Java Keystore File (JKS)
  • PKCS #12 (p12 file)

Default is Java Keystore File (JKS).

Keystore Password Password to the keystore file. A password is optional, but recommended.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Keystore Key Algorithm Algorithm to manage the keystore.

Default is SunX509.

Use Remote Truststore Enables loading the contents of the truststore from a remote credential store or from values entered in the stage properties.

For more information, see the Data Collector documentation.

Trusted Certificates Each PEM certificate used in the remote truststore. Enter a credential function that returns the certificate or enter the contents of the certificate.

Using simple or bulk edit mode, click the Add icon to add additional certificates.

Truststore File Path to the local truststore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory: ${runtime:resourcesDirPath()}/truststore.jks

By default, no truststore is used.

Truststore Type Type of truststore to use. Use one of the following types:
  • Java Keystore File (JKS)
  • PKCS #12 (p12 file)

Default is Java Keystore File (JKS).

Truststore Password Password to the truststore file. A password is optional, but recommended.
Tip: To secure sensitive information, you can use credential stores or runtime resources.
Truststore Trust Algorithm Algorithm to manage the truststore.

Default is SunX509.

Use Default Protocols Uses the default TLSv1.2 transport layer security (TLS) protocol. To use a different protocol, clear this option.
Transport Protocols TLS protocols to use. To use a protocol other than the default TLSv1.2, click the Add icon and enter the protocol name. You can use simple or bulk edit mode to add protocols.
Note: Older protocols are not as secure as TLSv1.2.
Use Default Cipher Suites Uses a default cipher suite for the SSL/TLS handshake. To use a different cipher suite, clear this option.
Cipher Suites Cipher suites to use. To use a cipher suite that is not a part of the default set, click the Add icon and enter the name of the cipher suite. You can use simple or bulk edit mode to add cipher suites.

Enter the Java Secure Socket Extension (JSSE) name for the additional cipher suites that you want to use.