Connecting Ignition to Kepware

Here is a guide for connecting Ignition to a Kepware OPC-UA server.

The article and a PDF of the steps can be found on our blog.
http://www.kymerasystems.com/connecting-ignition-kepware

1. Disable anonymous logins.
You could probably skip this step, but we feel it adds a bit more security, so we do it.

1a. Open the Kepware Configuration tool. Click File > Project Properties.

1b. Click the OPC-UA tab. Change the “Allow anonymous login” option to false.

Step 2. Configure OPC-UA User

2a. Click Settings

2b. Click User Manager > Add User

2c. Add your user. This is just an example.

2d. Set user permissions as follows.

3. Set up OPC-UA Endpoints.

3a. Click OPC-UA Configuration

3b. Make sure you add end points for the interfaces you want to use.


4. Import Ignition Client Certificate

4a. Browse to your gateway. Click OPA-UA > Certificates.

4b. Export your Client Certificate

4c. Import Certificate. Click Trusted Clients. Import the previously exported client certificate. Close OPC-UA Configuration Window.

5. Re-initialize Kepware Runtime.

5a. Re-initialize Kepware Runtime.

6. Configure connection from Ignition to Kepware.

6a. On the Ignition gateway, click OPC Connections > Servers > Create new OPC Server Connection…

6b. Add a OPC-UA Connection

6c. Configure the connection. You will need to enter your end point and user information from steps 2 and 3 here. If you are using a NAT to access your Kepware server from a remote subnet, you will need to override your endpoint hosts under the advanced settings, identified by the blue arrows. If you are not using a NAT, you should leave these blank.

6d. Click OK, and you should have a successful connection from Ignition to Kepware.

We will post this guide to our website as well, so people can use this for future reference. Any questions, please feel free to ask.

1 Like

Thanks kyle for sharing this guide !
:thumb_right:

Unless you’re using an old version of Kepware, manually importing certificates is not necessary. They’ll show up in Kepware once a connection attempt is made and can then be made trusted from there.

Yeah I put it there to be verbose.