Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

PI OPC UA Server

TABLE OF CONTENTS

PI OPC UA Server Quick Start

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedMar 30, 2026
  • 2 minute read

The following is a concise overview to install and configure the PI OPC UA Server.

  1. Install the AVEVA PI OPC UA Server product following the Install AVEVA PI OPC UA Server guide for details.

  2. Using the Configurator, configure the available PI Systems to the PI OPC UA Server.

    1. If needed, use the PI System Explorer to modify servers listed in the Known Servers Table (KST).

  3. For the server side, generate a self-signed certificate and associated private key for the OPC UA client authentication. See Authentication for details.

    1. Copy the generated certificate and private key to the client machine.

    2. Ensure that the server's certificate is copied to the server machine.

  4. Using the Configurator (or during the installation process), import the client authentication certificate into trusted client certificates for the server. See AVEVA PI OPC UA Server configuration for details.

  5. Server configuration:

    1. Trust the client’s SSL certificate by importing it into the Local Machine\Trusted People certificate store of the server machine as referenced in Communication.

    2. (Optional) Customize the server’s SSL certificate by using this link to Communication. If not customized, the server will use the default self-signed certificate generated during the installation.

    3. If needed, configure a firewall rule on the server to allow the OPC UA port to access TCP traffic.

  6. Client configuration:

    1. Trust the server’s SSL certificate on the client machine. In many cases your client application will prompt to trust the server certificate on first connection; otherwise consult the client documentation for how to achieve this.

    2. Configure the server’s OPC UA endpoint at the OPC UA client by setting the Security Policy to Basic256Sha256 and the Message Security Mode to Sign & Encrypt. Refer to your client's documentation for details.

    3. Configure the authentication certificate and private key at the OPC UA client as explained in Trust a client certificate. Remember to set the authentication to use X.509 Certificates and reference both the certificate and private key.

  7. Attempt to connect and verify that the ability to browse a PI System(s) hierarchy and read current data.

TitleResults for “How to create a CRG?”Also Available in