Introduction

As described in Unsolicited User Interaction, applications based on Connectivity Software components may, under certain circumstances, display a user interface based on occurences inside the components. This aticle provides further details for applications that use the OPC protocol.

• In QuickOPC applications, the component controls the connections and disconnections automatically, and when subscriptions are in effect, also makes re-connections, you - as a developer - cannot generally predict when such user interaction may be needed.
• In OPC Wizard applications, the OPC UA clients that use your server are in control of connections and disconnections, and the user interaction associated with such connections can also happen at any time.

Interaction Types

There are following situations that may trigger an unsolicited user interaction related to OPC Unified Architecture (OPC UA) operations:

• Own OPC UA Application Certificate. Issues while checking or creating an application instance certificate. These are rare, and usually only happen when the application runs for the first time.
• Peer HTTPS Certificate. When HTTPS communication is used, failed validation of server's HTTPS certificate. The user is prompted whether he/she wants to accept the certificate anyway.
• Peer OPC UA Application Certificate. Failed validation of OPC UA peer instance certificate (the QuickOPC application - as a client - fails validation of the server certificate, or OPC Wizard application - as a server - fails validation of the client certificate). The user is prompted whether he/she wants to accept the certificate anyway. The user can also choose to trust the certificate permanently. With this choice, the certificate is copied to the trusted peers certificate store (and removed from the rejected certificates store). Note that the user running the application must have sufficient permissions to add the certificate to the trusted peers certificate store.
• Peer OPC UA Endpoint Description. The effective host name in endpoint URL returned by the server does not match any of the domain names in the server certificate. This may be an indication of a spoofing attempt. The user is prompted whether he/she wants to allow the endpoint anyway.

For an OPC UA client, the "peer" is an OPC UA server. For an OPC UA server, the "peer" is an OPC UA client.

There is no unsolicited user interaction related to OPC Classic operations.

Controlling the Interaction

In QuickOPC applications, the individual interaction types can be controlled as follows:

• Own OPC UA Application Certificate. This prompt can be turned off or on by the AllowUserInteraction Property of the EasyUAApplication.ApplicationParameters.InstanceCertificateGenerationParameters. See also Providing OPC UA Application Instance Certificate.
• Peer HTTPS Certificate. This prompt can be turned off or on by the AllowUserAcceptCertificate Property of HttpsCertificateAcceptancePolicy Property of EngineParameters Property of EasyUAClient.SharedParameters Property. See also Trusting OPC UA Server HTTPS Certificate.
• Peer OPC UA Application Certificate. This prompt can be turned off or on by the AllowUserAcceptCertificate Property of CertificateAcceptancePolicy Property of EngineParameters Property of EasyUAClient.SharedParameters Property. Alternatively, the certificate acceptance policy can be overridden for a specific endpoint by setting it to a non-null value in CertificateAcceptancePolicy Property. See also Trusting OPC UA Peer Instance Certificate.
• Peer OPC UA Endpoint Description. This prompt can be turned off or on by the AllowEndpointDomainPrompt Property of UAClientSessionParameters Class.

In OPC Wizard applications, the individual interaction types can be controlled as follows:

• Own OPC UA Application Certificate. This prompt can be turned off or on by the AllowUserInteraction Property of the EasyUAApplication.ApplicationParameters.InstanceCertificateGenerationParameters. See also Providing OPC UA Application Instance Certificate.
• Peer OPC UA Application Certificate. This prompt can be turned off or on by the AllowUserAcceptCertificate Property of CertificateAcceptancePolicy Property of EngineParameters Property of EasyUAServer.SharedParameters Property. See also Trusting OPC UA Peer Instance Certificate.