05/09/2025
How-to | HMI

How to create a secure connection to the ctrlX OPC UA Server using HELIO

Introduction

Creating a secure OPC UA connection to a ctrlX CORE is the recommended method for accessing data from ctrlX OS - PLC. The ctrlX OS - OPC UA Server provides secure and standardized communication between HELIO and the PLC.

Requirements

Step-by-Step Guide

Step 1

Ensure that the OPC UA Server app is installed and correctly set up on your ctrlX CORE.

Step 2

The next step is to log in to the HELIO app, create a new project or edit an existing one.
Then, switch to the Editorial view and navigate to the Data Source Explorer, where you will add an OPC UA connection.

Fig. 1.: Data Source Explorer


Now it's time to configure the connection. By default, the pop-up window appears as follows:

Fig. 2.: OPC UA Name and URL


You can choose any name for the OPC UA connection. For the URL, it’s recommended to use either the IP address or localhost (or 127.0.0.1) to work IP independent.
Using opc.tcp://ctrlX-CORE:4840 is not recommended with this version of HMI Project - HELIO app!

The OPC UA server prefers a secure connection. After checking the box, selecting Sign, and expanding the Server configuration, it should look like this:

Fig. 3.: Secure Connection


Step 3

We need to establish trust between the OPC UA server and the client in HELIO. To do this, press button "Fetch" to trigger the certificate exchange. An error will be shown as certificates are not trusted at this point, that can be ignored.

Then go back to the ctrlX OS web UI β†’ Settings β†’ Certificates and Keys β†’ OPC UA Server and trust the certificate.

Fig. 4.: OPC UA Certificates

Now, when we return to HELIO:

Step 4

The final step is to ensure that HELIO uses the correct credentials to communicate with the server. By default, the server requires username and password authentication.
Enter the credentials for the ctrlX OS hosting the OPC UA server.

Fig. 5.: OPC UA User Credentials

By clicking the Test button, you can verify if the connection is working.
If no issues are detected, selecting Create Connection will establish the connection and add it to the PLC connection tree.

Fig 6.: UPC UA Tree

Disclaimer for OPC UA Security Mode: NONE Secure Endpoint

Users who have the NONE secure Endpoint selected inside the OPC UA Server Endpoint Configuration will follow a slightly different process to establish the connection.

With this configuration, the first noticeable difference appears in the steps shown in Fig. 3 HELIO will automatically fetch the certificate.
However, user credentials are still necessary to complete the connection.
If you repeat the steps from Fig. 5 without providing them, an error will occur.

Fig. 7: BadSecurityChecksFailed

To resolve this, go to the ctrlX OS web UI β†’ Settings β†’ Certificates and Keys β†’ OPC UA Server and trust the certificate. (Fig. 4).


2
Types
How-to
Products
HMI
Markets
Manufacturing
Robotics

Latest published/updated articles