QuickOPC User's Guide and Reference
OPC UA Client Application Service
Features > Services > OPC UA Client Application Service
In This Topic

This QuickOPC service allows management of OPC UA client application. The OPC UA Client Application Service has high-level properties and methods for tasks related to maintaining application registrations in the GDS servers, obtaining instance certificate from GDS, refreshing application trust lists from GDS, and similar tasks.

If you can, prefer use of the OPC UA Client Application Service over implementing the same functionality yourself, e.g. with the help of OPC UA Global Discovery Client and/or OPC UA Certificate Management Client. The OPC UA Client Application Service already has all the necessary logic needed to perform the typical client-side application tasks properly and easily.

The features discussed here, or some of them, may not be available in all editions of the product. Check the Product Editions page for differences between the editions. The trial license has all features enabled (and is limited in period for which it provides valid data), but licenses for specific commercial editions may have functionality limitations.

Specifically, methods in this service that work with the Global Discovery Server (GDS) are not licensed for use in lower editions of QuickOPC.

Exporting

In order to export the registration data of the OPC UA application into an  XML file, call the ExportRegisteredApplication Method. This method exports the security settings in the format used by the GDS client from OPC Foundation (Windows desktop sample). It uses the RegisteredApplication schema (which is not part of the OPC UA standard).

In order to export the security settings of the OPC UA application into an XML file, call the ExportSecuredApplication Method. This method exports the security settings in the format described in OPC UA Specification Part 6, Annex "Security settings management". The file conforms to the SecuredApplication schema.

Managing GDS Registrations

The OPC UA Client Application Service is capable of maintaining client application registrations with one or more GDS servers simultaneously. The methods described further below allow you to control these registrations.

The service keeps track of the registrations (and unregistrations) performed. You can use the ApplicationIdDictionary Property to figure out the application IDs assigned to the current client application by the OPC UA Global Discovery Servers.

Registration of OPC UA clients in the GDS is not "as important" as registration of OPC UA servers, because (except for so-called Reverse Connect) it is the clients that need to discover the servers, and not vice versa. The application registration is, however, a prerequisite for certificate management (also typically provided by the GDS), and for this reason, you may find yourself dealing with registration of OPC UA client application with the GDS anyway.

Registering to GDS

In order to register the current client application with the OPC UA Global Discovery Server (GDS), call the RegisterToGds Method. This method creates an application registration in the GDS, assigning it a new application ID. Existing registrations with the same application URI are removed first.

The difference between the RegisterToGds and UpdateGdsRegistration methods is that the RegisterToGds Method always obtains a new application ID, whereas the UpdateGdsRegistration Method attempts to reuse the existing application ID, if known. Neither of these methods requires the GDS registration be in any particular state for it to succeed, and both methods assure that after a successful execution, there is one and only one registration in the given GDS for this application.

The identity of the application itself is carried by its application URI, as given by the ApplicationUriString returned by the GetApplicationElement Method. Methods on this interface that manipulate or inspect the GDS registration use the application URI to identify the registration records belonging to this application.

For ane example to this method, see: Examples - OPC UA Application - Register to GDS.

Updating GDS Registration

In order to update the registration of the current client application within the OPC UA Global Discovery Server (GDS), call the UpdateGdsRegistration Method. This method updates an application registration in the GDS, keeping its application ID. A new registration is created if the application is not yet registered in the GDS. Preexisting registrations with the same application URI are removed.

The difference between the RegisterToGds and UpdateGdsRegistration methods is that the RegisterToGds Method always obtains a new application ID, whereas the UpdateGdsRegistration Method attempts to reuse the existing application ID, if known. Neither of these methods requires the GDS registration be in any particular state for it to succeed, and both methods assure that after a successful execution, there is one and only one registration in the given GDS for this application.

The identity of the application itself is carried by its application URI, as given by the ApplicationUriString returned by the GetApplicationElement Method. Methods on this interface that manipulate or inspect the GDS registration use the application URI to identify the registration records belonging to this application.

// Shows how to update an application registration in the GDS, keeping its application ID if possible.

using System;
using Microsoft.Extensions.DependencyInjection;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.AddressSpace;
using OpcLabs.EasyOpc.UA.Application;
using OpcLabs.EasyOpc.UA.Application.Extensions;
using OpcLabs.EasyOpc.UA.Extensions;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Application._IEasyUAClientApplication
{
    class UpdateGdsRegistration
    {
        public static void Main1()
        {
            // Define which GDS we will work with.
            UAEndpointDescriptor gdsEndpointDescriptor =
                ((UAEndpointDescriptor)"opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer")
                .WithUserNameIdentity("appadmin", "demo");

            // Obtain the client application service.
            var client = new EasyUAClient();
            IEasyUAClientApplication clientApplication = client.GetService<IEasyUAClientApplication>();

            // Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString);

            // Update an application registration in the GDS, keeping its application ID if possible.
            UANodeId applicationId;
            try
            {
                applicationId = clientApplication.UpdateGdsRegistration(gdsEndpointDescriptor);
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }

            // Display results
            Console.WriteLine("Application ID: {0}", applicationId);
        }
    }
}
// Shows how to update an application registration in the GDS, keeping its application ID if possible.

class procedure UpdateGdsRegistration.Main;
var
  ApplicationId: _UANodeId;
  Client: _EasyUAClient;
  ClientApplication: _EasyUAClientApplication;
  GdsEndpointDescriptor: _UAEndpointDescriptor;
begin
  // Define which GDS we will work with.
  GdsEndpointDescriptor := CoUAEndpointDescriptor.Create;
  GdsEndpointDescriptor.UrlString := 'opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName := 'appadmin';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password := 'demo';

  // Obtain the client application service.
  Client := CoEasyUAClient.Create;
  ClientApplication := IInterface(Client.GetServiceByName('OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA')) as _EasyUAClientApplication;

  // Display which application we are about to work with.
  WriteLn('Application URI string: ', ClientApplication.GetApplicationElement.ApplicationUriString);

  // Update an application registration in the GDS, keeping its application ID if possible.
  try
    ApplicationId := ClientApplication.UpdateGdsRegistration(gdsEndpointDescriptor);
  except
    on E: EOleException do
    begin
      WriteLn(Format('*** Failure: %s', [E.GetBaseException.Message]));
    end;
  end;

  // Display results
  WriteLn('Application ID: ', ApplicationId.ToString);
end;
// Shows how to update an application registration in the GDS, keeping its application ID if possible.

// Define which GDS we will work with.
$GdsEndpointDescriptor = new COM("OpcLabs.EasyOpc.UA.UAEndpointDescriptor");
$GdsEndpointDescriptor->UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->UserName = "appadmin";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->Password = "demo";

// Obtain the client application service.
$Client = new COM("OpcLabs.EasyOpc.UA.EasyUAClient");
$ClientApplication = $Client->GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA");

// Display which application we are about to work with.
printf("Application URI string: %s\n", $ClientApplication->GetApplicationElement->ApplicationUriString);

// Update an application registration in the GDS, keeping its application ID if possible.
try
{
    $ApplicationId = $ClientApplication->UpdateGdsRegistration($GdsEndpointDescriptor);
}
catch (com_exception $e)
{
    printf("*** Failure: %s\n", $e->getMessage());
    exit();
}

// Display results
printf("Application ID: %s\n", $ApplicationId);
Rem Shows how to update an application registration in the GDS, keeping its application ID if possible.

Private Sub IEasyUAClientApplication_UpdateGdsRegistration_Main_Command_Click()
    OutputText = ""
    ' Define which GDS we will work with.
    Dim gdsEndpointDescriptor As New UAEndpointDescriptor
    gdsEndpointDescriptor.UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName = "appadmin"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password = "demo"
    
    ' Obtain the client application service.
    Dim client As New EasyUAClient
    Dim clientApplication As AbstractEasyUAClientApplication
    Set clientApplication = client.GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA")
    
    ' Display which application we are about to work with.
    OutputText = OutputText & "Application URI string: " & clientApplication.GetApplicationElement.applicationUriString & vbCrLf

    ' Update an application registration in the GDS, keeping its application ID if possible.
    On Error Resume Next
    Dim applicationId As UANodeId
    Set applicationId = clientApplication.UpdateGdsRegistration(gdsEndpointDescriptor)
    If Err.Number <> 0 Then
        OutputText = OutputText & "*** Failure: " & Err.Source & ": " & Err.Description & vbCrLf
        Exit Sub
    End If
    On Error GoTo 0

    ' Display results
    OutputText = OutputText & "Application ID: " & applicationId & vbCrLf
End Sub
' Shows how to update an application registration in the GDS, keeping its application ID if possible.

Imports Microsoft.Extensions.DependencyInjection
Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.AddressSpace
Imports OpcLabs.EasyOpc.UA.Application
Imports OpcLabs.EasyOpc.UA.Application.Extensions
Imports OpcLabs.EasyOpc.UA.Extensions
Imports OpcLabs.EasyOpc.UA.OperationModel

Namespace UADocExamples.Application._IEasyUAClientApplication
    Friend Class UpdateGdsRegistration
        Public Shared Sub Main1()

            ' Define which GDS we will work with.
            Dim gdsEndpointDescriptor As UAEndpointDescriptor =
                New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
                .WithUserNameIdentity("appadmin", "demo")

            ' Obtain the client application service.
            Dim client = New EasyUAClient()
            Dim clientApplication = client.GetService(Of IEasyUAClientApplication)()

            ' Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString)

            ' Update an application registration in the GDS, keeping its application ID if possible.
            Dim applicationId As UANodeId
            Try
                applicationId = clientApplication.UpdateGdsRegistration(gdsEndpointDescriptor)
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try

            ' Display results
            Console.WriteLine("Application ID: {0}", applicationId)
        End Sub
    End Class
End Namespace

Unregistering from GDS

In order to remove the registration of the current client application from the OPC UA Global DIscovery Server (GDS), call the UnregisterFromGds Method. All existing registrations for the application URI are removed.

This method does not return an error or throw an exception if the application is not currently registered in the GDS.

// Shows how to delete an application registration from the GDS.

using System;
using Microsoft.Extensions.DependencyInjection;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.Application;
using OpcLabs.EasyOpc.UA.Application.Extensions;
using OpcLabs.EasyOpc.UA.Extensions;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Application._IEasyUAClientApplication
{
    class UnregisterFromGds
    {
        public static void Main1()
        {
            // Define which GDS we will work with.
            UAEndpointDescriptor gdsEndpointDescriptor =
                ((UAEndpointDescriptor)"opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer")
                .WithUserNameIdentity("appadmin", "demo");

            // Obtain the client application service.
            var client = new EasyUAClient();
            IEasyUAClientApplication clientApplication = client.GetService<IEasyUAClientApplication>();

            // Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString);

            // Delete an application registration from the GDS.
            try
            {
                clientApplication.UnregisterFromGds(gdsEndpointDescriptor);
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }
        }
    }
}
// Shows how to delete an application registration from the GDS.

class procedure UnregisterFromGds.Main;
var
  Client: _EasyUAClient;
  ClientApplication: _EasyUAClientApplication;
  GdsEndpointDescriptor: _UAEndpointDescriptor;
begin
  // Define which GDS we will work with.
  GdsEndpointDescriptor := CoUAEndpointDescriptor.Create;
  GdsEndpointDescriptor.UrlString := 'opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName := 'appadmin';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password := 'demo';

  // Obtain the client application service.
  Client := CoEasyUAClient.Create;
  ClientApplication := IInterface(Client.GetServiceByName('OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA')) as _EasyUAClientApplication;

  // Display which application we are about to work with.
  WriteLn('Application URI string: ', ClientApplication.GetApplicationElement.ApplicationUriString);

  // Delete an application registration from the GDS.
  try
    ClientApplication.UnregisterFromGds(gdsEndpointDescriptor);
  except
    on E: EOleException do
    begin
      WriteLn(Format('*** Failure: %s', [E.GetBaseException.Message]));
    end;
  end;
end;
// Shows how to delete an application registration from the GDS.

// Define which GDS we will work with.
$GdsEndpointDescriptor = new COM("OpcLabs.EasyOpc.UA.UAEndpointDescriptor");
$GdsEndpointDescriptor->UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->UserName = "appadmin";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->Password = "demo";

// Obtain the client application service.
$Client = new COM("OpcLabs.EasyOpc.UA.EasyUAClient");
$ClientApplication = $Client->GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA");

// Display which application we are about to work with.
printf("Application URI string: %s\n", $ClientApplication->GetApplicationElement->ApplicationUriString);

  // Delete an application registration from the GDS.
try
{
    $ClientApplication->UnregisterFromGds($GdsEndpointDescriptor);
}
catch (com_exception $e)
{
    printf("*** Failure: %s\n", $e->getMessage());
    exit();
}
' Shows how to delete an application registration from the GDS.

Imports Microsoft.Extensions.DependencyInjection
Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.Application
Imports OpcLabs.EasyOpc.UA.Application.Extensions
Imports OpcLabs.EasyOpc.UA.Extensions
Imports OpcLabs.EasyOpc.UA.OperationModel

Namespace UADocExamples.Application._IEasyUAClientApplication
    Friend Class UnregisterFromGds
        Public Shared Sub Main1()

            ' Define which GDS we will work with.
            Dim gdsEndpointDescriptor As UAEndpointDescriptor =
                New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
                .WithUserNameIdentity("appadmin", "demo")

            ' Obtain the client application service.
            Dim client = New EasyUAClient()
            Dim clientApplication = client.GetService(Of IEasyUAClientApplication)()

            ' Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString)

            ' Delete an application registration from the GDS.
            Try
                clientApplication.UnregisterFromGds(gdsEndpointDescriptor)
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try
        End Sub
    End Class
End Namespace

Finding GDS Registrations

In order to find all registrations for the current client application (using its application URI) in the OPC UA Global Discovery Server (GDS), call the FindGdsRegistrations Method. The method returns a dictionary of UAApplicationElement objects with application registration information, keyed by a UANodeId which is the application ID identifying the registration in the GDS.

The identity of the application itself is carried by its application URI, as given by the ApplicationUriString returned by the GetApplicationElement Method. Methods on this interface that manipulate or inspect the GDS registration use the application URI to identify the registration records belonging to this application.

For ane example to this method, see: Examples - OPC UA Application - Find all our registrations in GDS.

Getting Application Element

"Application element" is a data structure that contains registration information about an OPC UA application, i.e. how the application is configured to register itself in OPC UA ecosystem. In order to get the registration information for the current client application, call the GetApplicationElement Method.

The data contained the application element is implementation-dependent. For the OPC UA client application service on the EasyUAClient Class implemented with the OPC Foundation's UA SDK, it is determined by the settings in the UAApplicationManifest Class. In order to modify these parameters, access the ApplicationManifest Property of ApplicationParameters Property of EngineParameters Property of static SharedParameters Property.

For ane example to this method, see: Examples - OPC UA Application - Get registration information.

Managing Certificates

Some methods in this group work with the OPC UA Global Discovery Server (GDS) in the role of Certificate Manager (CM). Use of the certificate manager can significantly simplify the management of OPC UA security. Only use these methods if your OPC UA setup includes such Global Discovery Server.

Obtaining a New Certificate

In order to begin an asynchronous operation that obtains a enw application instance certificate from the certificate manager and stores it for subsequent usage, call the BeginObtainNewCertificate Method.

The operation is asynchronous, because it involves multiple steps, and waiting for a finalization of the request by the GDS (see the IEasyUACertificateManagementClient.FinishRequest method). End of the operation is handled by the IEasyUAClientApplication.EndObtainNewCertificate method. The operation can be cancelled using the IEasyUAClientApplication.CancelObtainNewCertificate method.

For a synchronous alternative, see the ObtainNewCertificate Extension Method, with its overloads.

For a task-based asynchronous programming pattern alternative, see the ObtainNewCertificateAsync Extension Method, with its overloads.

// Shows how to obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.

using System;
using Microsoft.Extensions.DependencyInjection;
using OpcLabs.BaseLib.Security.Cryptography.PkiCertificates;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.Application;
using OpcLabs.EasyOpc.UA.Application.Extensions;
using OpcLabs.EasyOpc.UA.Extensions;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Application._IEasyUAClientApplication
{
    partial class ObtainNewCertificate
    {
        public static void Main1()
        {
            // Define which GDS we will work with.
            UAEndpointDescriptor gdsEndpointDescriptor =
                ((UAEndpointDescriptor)"opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer")
                .WithUserNameIdentity("appadmin", "demo");

            // Obtain the client application service.
            var client = new EasyUAClient();
            IEasyUAClientApplication clientApplication = client.GetService<IEasyUAClientApplication>();

            // Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString);
            
            // Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
            IPkiCertificate certificate;
            try
            {
                certificate = clientApplication.ObtainNewCertificate(gdsEndpointDescriptor);
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }

            // Display results
            Console.WriteLine("Certificate: {0}", certificate);
        }
    }
}
// Shows how to obtain a new application certificate from the certificate manager (GDS),
// and store it for subsequent usage.

class procedure ObtainNewCertificate.Main;
var
  ApplicationElement: _UAApplicationElement;
  Certificate: _PkiCertificate;
  Client: _EasyUAClient;
  ClientApplication: _EasyUAClientApplication;
  GdsEndpointDescriptor: _UAEndpointDescriptor;
  Parameters: _UAObtainNewCertificateParameters;
begin
  // Define which GDS we will work with.
  GdsEndpointDescriptor := CoUAEndpointDescriptor.Create;
  GdsEndpointDescriptor.UrlString := 'opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName := 'appadmin';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password := 'demo';

  // Obtain the client application service.
  Client := CoEasyUAClient.Create;
  ClientApplication := IInterface(Client.GetServiceByName('OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA')) as _EasyUAClientApplication;

  // Display which application we are about to work with.
  ApplicationElement := ClientApplication.GetApplicationElement;
  WriteLn('Application URI string: ', ClientApplication.GetApplicationElement.ApplicationUriString);

  // Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
  Parameters := CoUAObtainNewCertificateParameters.Create;

  try
    Certificate := ClientApplication.ObtainNewCertificate(GdsEndpointDescriptor, Parameters);
  except
    on E: EOleException do
    begin
      WriteLn(Format('*** Failure: %s', [E.GetBaseException.Message]));
    end;
  end;

  // Display results
  WriteLn('Certificate: ', (Certificate as _PKICertificate).ToString);
end;
// Shows how to obtain a new application certificate from the certificate manager (GDS),
// and store it for subsequent usage.

// Define which GDS we will work with.
$GdsEndpointDescriptor = new COM("OpcLabs.EasyOpc.UA.UAEndpointDescriptor");
$GdsEndpointDescriptor->UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->UserName = "appadmin";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->Password = "demo";

// Obtain the client application service.
$Client = new COM("OpcLabs.EasyOpc.UA.EasyUAClient");
$ClientApplication = $Client->GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA");

// Display which application we are about to work with.
$ApplicationElement = $ClientApplication->GetApplicationElement;
printf("Application URI string: %s\n", $ClientApplication->GetApplicationElement->ApplicationUriString);

// Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
$Parameters = new COM("OpcLabs.EasyOpc.UA.Application.UAObtainNewCertificateParameters");

try
{
    $Certificate = $ClientApplication->ObtainNewCertificate($GdsEndpointDescriptor, $Parameters);
}
catch (com_exception $e)
{
    printf("*** Failure: %s\n", $e->getMessage());
    exit();
}

// Display results
printf("Certificate: %s\n", $Certificate);
Rem Shows how to obtain a new application certificate from the certificate manager (GDS),
Rem and store it for subsequent usage.

Private Sub IEasyUAClientApplication_ObtainNewCertificate_Main_Command_Click()
    OutputText = ""
    
    ' Define which GDS we will work with.
    Dim gdsEndpointDescriptor As New UAEndpointDescriptor
    gdsEndpointDescriptor.UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName = "appadmin"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password = "demo"
    
    ' Obtain the client application service.
    Dim client As New EasyUAClient
    Dim clientApplication As AbstractEasyUAClientApplication
    Set clientApplication = client.GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA")
    
    ' Display which application we are about to work with.
    OutputText = OutputText & "Application URI string: " & clientApplication.GetApplicationElement.applicationUriString & vbCrLf

    ' Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
    Dim parameters As New UAObtainNewCertificateParameters
    
    On Error Resume Next
    Dim certificate As PkiCertificate
    Set certificate = clientApplication.ObtainNewCertificate(gdsEndpointDescriptor, parameters)
    If Err.Number <> 0 Then
        OutputText = OutputText & "*** Failure: " & Err.Source & ": " & Err.Description & vbCrLf
        Exit Sub
    End If
    On Error GoTo 0

    ' Display results
    OutputText = OutputText & "Certificate: " & certificate & vbCrLf
End Sub
' Shows how to obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.

Imports Microsoft.Extensions.DependencyInjection
Imports OpcLabs.BaseLib.Security.Cryptography.PkiCertificates
Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.Application
Imports OpcLabs.EasyOpc.UA.Application.Extensions
Imports OpcLabs.EasyOpc.UA.Extensions
Imports OpcLabs.EasyOpc.UA.OperationModel

Namespace UADocExamples.Application._IEasyUAClientApplication
    Partial Friend Class ObtainNewCertificate
        Public Shared Sub Main1()

            ' Define which GDS we will work with.
            Dim gdsEndpointDescriptor As UAEndpointDescriptor =
                New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
                .WithUserNameIdentity("appadmin", "demo")

            ' Obtain the client application service.
            Dim client = New EasyUAClient()
            Dim clientApplication = client.GetService(Of IEasyUAClientApplication)()

            ' Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString)

            ' Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
            Dim certificate As PkiCertificate
            Try
                certificate = clientApplication.ObtainNewCertificate(gdsEndpointDescriptor)
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try

            ' Display results
            Console.WriteLine("Certificate: {0}", certificate)
        End Sub
    End Class
End Namespace
Rem Shows how to obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.

Option Explicit

' Define which GDS we will work with.
Dim GdsEndpointDescriptor: Set GdsEndpointDescriptor = CreateObject("OpcLabs.EasyOpc.UA.UAEndpointDescriptor")
GdsEndpointDescriptor.UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer"
GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName = "appadmin"
GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password = "demo"

' Obtain the client application service.
Dim Client: Set Client = CreateObject("OpcLabs.EasyOpc.UA.EasyUAClient")
Dim ClientApplication: Set ClientApplication = Client.GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA")

' Display which application we are about to work with.
Dim ApplicationElement: Set ApplicationElement = ClientApplication.GetApplicationElement
WScript.Echo "Application URI string: " & ClientApplication.GetApplicationElement.ApplicationUriString

Rem Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
Dim Parameters: Set Parameters = CreateObject("OpcLabs.EasyOpc.UA.Application.UAObtainNewCertificateParameters")
On Error Resume Next
Dim Certificate: Set Certificate = ClientApplication.ObtainNewCertificate(GdsEndpointDescriptor, Parameters)
If Err.Number <> 0 Then
    WScript.Echo "*** Failure: " & Err.Source & ": " & Err.Description
    WScript.Quit
End If
On Error Goto 0

' Display results
WScript.Echo "Certificate: " & Certificate

This method can also be provided a callback, in form of the IProgress Interface, through which it reports its progress.

// Shows how to obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage,
// with progress reporting.

using System;
using Microsoft.Extensions.DependencyInjection;
using OpcLabs.BaseLib.Security.Cryptography.PkiCertificates;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.Application;
using OpcLabs.EasyOpc.UA.Application.Extensions;
using OpcLabs.EasyOpc.UA.Extensions;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Application._IEasyUAClientApplication
{
    partial class ObtainNewCertificate
    {
        public static void Progress()
        {
            // Define which GDS we will work with.
            UAEndpointDescriptor gdsEndpointDescriptor = 
                ((UAEndpointDescriptor)"opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer")
                .WithUserNameIdentity("appadmin", "demo");

            // Obtain the client application service.
            var client = new EasyUAClient();
            IEasyUAClientApplication clientApplication = client.GetService<IEasyUAClientApplication>();

            // Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString);

            // Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
            IPkiCertificate certificate;
            try
            {
                certificate = clientApplication.ObtainNewCertificate(gdsEndpointDescriptor,
                    new Progress<string>(s => Console.WriteLine("Progress: {0}", s)));
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }

            // Display results
            Console.WriteLine("Certificate: {0}", certificate);
        }
    }
}
' Shows how to obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage,
' with progress reporting.

Imports Microsoft.Extensions.DependencyInjection
Imports OpcLabs.BaseLib.Security.Cryptography.PkiCertificates
Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.Application
Imports OpcLabs.EasyOpc.UA.Application.Extensions
Imports OpcLabs.EasyOpc.UA.Extensions
Imports OpcLabs.EasyOpc.UA.OperationModel

Namespace UADocExamples.Application._IEasyUAClientApplication
    Partial Friend Class ObtainNewCertificate
        Public Shared Sub Progress()

            ' Define which GDS we will work with.
            Dim gdsEndpointDescriptor As UAEndpointDescriptor =
                New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
                .WithUserNameIdentity("appadmin", "demo")

            ' Obtain the client application service.
            Dim client = New EasyUAClient()
            Dim clientApplication = client.GetService(Of IEasyUAClientApplication)()

            ' Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString)

            ' Obtain a new application certificate from the certificate manager (GDS), and store it for subsequent usage.
            Dim certificate As PkiCertificate
            Try
                certificate = clientApplication.ObtainNewCertificate(gdsEndpointDescriptor,
                    New Progress(Of String)(Sub(s) Console.WriteLine("Progress: {0}", s)))
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try

            ' Display results
            Console.WriteLine("Certificate: {0}", certificate)
        End Sub
    End Class
End Namespace

Refreshing Trust Lists

In order to retrieve the current trust lists for the application from the certificate manager, and refresh own certificate stores accordingly, call the RefreshTrustLists Method.

The operation first updates the application's registration in the GDS, before retrieving the trust lists from the certificate manager and adding them to the certificate stores

// Shows how to refresh own certificate stores using current trust lists for the application from the certificate manager.

using System;
using Microsoft.Extensions.DependencyInjection;
using OpcLabs.EasyOpc.UA;
using OpcLabs.EasyOpc.UA.Application;
using OpcLabs.EasyOpc.UA.Application.Extensions;
using OpcLabs.EasyOpc.UA.Extensions;
using OpcLabs.EasyOpc.UA.Gds;
using OpcLabs.EasyOpc.UA.OperationModel;

namespace UADocExamples.Application._IEasyUAClientApplication
{
    class RefreshTrustLists
    {
        public static void Main1()
        {
            // Define which GDS we will work with.
            UAEndpointDescriptor gdsEndpointDescriptor =
                ((UAEndpointDescriptor)"opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer")
                .WithUserNameIdentity("appadmin", "demo");

            // Obtain the client application service.
            var client = new EasyUAClient();
            IEasyUAClientApplication clientApplication = client.GetService<IEasyUAClientApplication>();

            // Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString);

            // Refresh own certificate stores using current trust lists for the application from the certificate manager.
            UATrustListMasks refreshedTrustLists;
            try
            {
                refreshedTrustLists = clientApplication.RefreshTrustLists(gdsEndpointDescriptor);
            }
            catch (UAException uaException)
            {
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException().Message);
                return;
            }

            // Display results
            Console.WriteLine("Refreshed trust lists: {0}", refreshedTrustLists);
        }
    }
}
// Shows how to refresh own certificate stores using current trust lists
// for the application from the certificate manager.

class procedure RefreshTrustLists.Main;
var
  Client: _EasyUAClient;
  ClientApplication: _EasyUAClientApplication;
  GdsEndpointDescriptor: _UAEndpointDescriptor;
  RefreshedTrustLists: UATrustListMasks;
begin
  // Define which GDS we will work with.
  GdsEndpointDescriptor := CoUAEndpointDescriptor.Create;
  GdsEndpointDescriptor.UrlString := 'opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName := 'appadmin';
  GdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password := 'demo';

  // Obtain the client application service.
  Client := CoEasyUAClient.Create;
  ClientApplication := IInterface(Client.GetServiceByName('OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA')) as _EasyUAClientApplication;

  // Display which application we are about to work with.
  WriteLn('Application URI string: ', ClientApplication.GetApplicationElement.ApplicationUriString);

  // Refresh own certificate stores using current trust lists for the application from the certificate manager.
  try
    RefreshedTrustLists := clientApplication.RefreshTrustLists(gdsEndpointDescriptor);
  except
    on E: EOleException do
    begin
      WriteLn(Format('*** Failure: %s', [E.GetBaseException.Message]));
      Exit;
    end;
  end;

  // Display results
  WriteLn('Refreshed trust lists: ', RefreshedTrustLists);
end;
// Shows how to refresh own certificate stores using current trust lists
// for the application from the certificate manager.

// Define which GDS we will work with.
$GdsEndpointDescriptor = new COM("OpcLabs.EasyOpc.UA.UAEndpointDescriptor");
$GdsEndpointDescriptor->UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->UserName = "appadmin";
$GdsEndpointDescriptor->UserIdentity->UserNameTokenInfo->Password = "demo";

// Obtain the client application service.
$Client = new COM("OpcLabs.EasyOpc.UA.EasyUAClient");
$ClientApplication = $Client->GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA");

// Display which application we are about to work with.
printf("Application URI string: %s\n", $ClientApplication->GetApplicationElement->ApplicationUriString);

// Refresh own certificate stores using current trust lists for the application from the certificate manager.
try
{
    $RefreshedTrustLists = $ClientApplication->RefreshTrustLists($GdsEndpointDescriptor);
}
catch (com_exception $e)
{
    printf("*** Failure: %s\n", $e->getMessage());
    exit();
}

// Display results
printf("Refreshed trust lists: %s\n", $RefreshedTrustLists);
Rem Shows how to refresh own certificate stores using current trust lists
Rem for the application from the certificate manager.

Private Sub IEasyUAClientApplication_RefreshTrustLists_Main_Command_Click()
    OutputText = ""
    
    ' Define which GDS we will work with.
    Dim gdsEndpointDescriptor As New UAEndpointDescriptor
    gdsEndpointDescriptor.UrlString = "opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.UserName = "appadmin"
    gdsEndpointDescriptor.UserIdentity.UserNameTokenInfo.Password = "demo"
    
    ' Obtain the client application service.
    Dim client As New EasyUAClient
    Dim clientApplication As AbstractEasyUAClientApplication
    Set clientApplication = client.GetServiceByName("OpcLabs.EasyOpc.UA.Application.IEasyUAClientApplication, OpcLabs.EasyOpcUA")
    
    ' Display which application we are about to work with.
    OutputText = OutputText & "Application URI string: " & clientApplication.GetApplicationElement.applicationUriString & vbCrLf

    ' Refresh own certificate stores using current trust lists for the application from the certificate manager.
    On Error Resume Next
    Dim refreshedTrustLists As UATrustListMasks
    refreshedTrustLists = clientApplication.RefreshTrustLists(gdsEndpointDescriptor)
    If Err.Number <> 0 Then
        OutputText = OutputText & "*** Failure: " & Err.Source & ": " & Err.Description & vbCrLf
        Exit Sub
    End If
    On Error GoTo 0

    ' Display results
    OutputText = OutputText & "Refreshed trust lists: " & refreshedTrustLists & vbCrLf
End Sub
' Shows how to refresh own certificate stores using current trust lists for the application from the certificate manager.

Imports Microsoft.Extensions.DependencyInjection
Imports OpcLabs.EasyOpc.UA
Imports OpcLabs.EasyOpc.UA.Application
Imports OpcLabs.EasyOpc.UA.Application.Extensions
Imports OpcLabs.EasyOpc.UA.Extensions
Imports OpcLabs.EasyOpc.UA.Gds
Imports OpcLabs.EasyOpc.UA.OperationModel

Namespace UADocExamples.Application._IEasyUAClientApplication
    Friend Class RefreshTrustLists
        Public Shared Sub Main1()

            ' Define which GDS we will work with.
            Dim gdsEndpointDescriptor As UAEndpointDescriptor =
                New UAEndpointDescriptor("opc.tcp://opcua.demo-this.com:58810/GlobalDiscoveryServer") _
                .WithUserNameIdentity("appadmin", "demo")

            ' Obtain the client application service.
            Dim client = New EasyUAClient()
            Dim clientApplication = client.GetService(Of IEasyUAClientApplication)()

            ' Display which application we are about to work with.
            Console.WriteLine("Application URI string: {0}",
                clientApplication.GetApplicationElement().ApplicationUriString)

            ' Refresh own certificate stores using current trust lists for the application from the certificate manager.
            Dim refreshedTrustLists As UATrustListMasks
            Try
                refreshedTrustLists = clientApplication.RefreshTrustLists(gdsEndpointDescriptor)
            Catch uaException As UAException
                Console.WriteLine("*** Failure: {0}", uaException.GetBaseException.Message)
                Exit Sub
            End Try

            ' Display results
            Console.WriteLine("Refreshed trust lists: {0}", refreshedTrustLists)
        End Sub
    End Class
End Namespace

Getting Instance Certificate

In order to get the instance certificate the application is currently configured to use, call the GetInstanceCertificate Method.

The method returns the instance certificate, if found. It returns null if the instance certificate cannot be found.

Getting Certificate Subject Name

In order to get the the subject distinguished name the application is configured to use for its certificates, call the GetCertificateSubjectName Method.

The value returned is implementation-dependent. For the OPC UA client application service on the EasyUAClient Class implemented with the OPC Foundation's UA SDK, it is determined by the settings in the UAClientServerApplicationParameters Class, as described here: Providing OPC UA Client Instance Certificate,

For ane example to this method, see: Examples - OPC UA Application - Get certificate subject name .

See Also

Reference