Create and Deploy Standalone OPC UA Application

This topic shows how to create and deploy a standalone application that uses OPC UA functionality. Before R2025a, you can use the general workflow to create a standalone application. For more information, see Create Standalone Application from MATLAB (MATLAB Compiler) and Create Standalone Application Using Standalone Application Compiler App (MATLAB Compiler).

Create MATLAB Script File

Create a MATLAB® script or function that uses OPC UA functionality. All scripts or functions that use OPC UA functionality must include %#function getSecret. Additionally, when you connect to a server for the first time, add the server certificate to the MATLAB OPC UA client's trusted certificate store using the opc.ua.trustServerCertificate function.

This example considers a script that creates an OPC UA client, connects to the server, and displays the client properties. The server certificate myServerCertificate.der is included in the current working directory. The script file is saved as opcUaClient.m.

%#function getSecret
opc.ua.trustServerCertificate("./myServerCertificate.der");
uaClient = opcua("localhost",53530);
connect(uaClient);
disp(uaClient);

Create and Package Standalone Application Using mcc

Since R2025a

Before packaging your saved script as a standalone application, you must create a password to encrypt the private key of the OPC UA client certificate. This password must then be embedded in the deployed archive using a secrets manifest file. Follow these steps to package a standalone OPC UA application.

  1. In the command window, set the private key password with the secret name OPCUAPrivateKeyPassword using the setSecret function.

    setSecret("OPCUAPrivateKeyPassword")
    In the Secret Prompt dialog box, enter a private key password and click OK. This private key password encrypts the private key of the new application instance client certificate that is generated for the standalone application.

    password prompt for OPC UA

    Note

    Security Considerations: Industrial Communication Toolbox™ does not package the MATLAB OPC UA client application instance certificate and its private key. Instead, a new application instance client certificate and private key are generated for the standalone application.

  2. Create a secret manifest file named secrets_manifest.json that specifies which secrets in the MATLAB vault to embed in the deployable archive. All OPC UA related applications must embed the secret named OPCUAPrivateKeyPassword. If your script file has other secrets that must be embedded in the deployable archive, add your secret name in the manifest file as a row element in the secret array. 

    {
   "Embedded": {
     "description": "All secret names specified in this section will be put into the deployed app.",
     "secret": ["OPCUAPrivateKeyPassword"]
     }
}

  3. The working directory should now contain the saved script file, the server certificate file, and the secrets manifest file. To compile your files for deployment:

    • Use the mcc -m (MATLAB Compiler) option to compile the specified M-file into a standalone application.

    • Use the mcc -J (MATLAB Compiler) option to specify the JSON secret manifest file.

    • Use the mcc -a (MATLAB Compiler) option to add the server certificate file to the deployable archive.

    mcc -m opcUaClient.m -a myServerCertificate.der -J secrets_manifest.json

mcc generates a standalone application named opcUaClient in your working directory. The file extension depends on the platform used to generate the application.

Note

The generated standalone executable does not include MATLAB Runtime or an installer. To create an installer that installs the application and MATLAB Runtime, use the compiler.package.installer (MATLAB Compiler) function.

Run OPC UA Application

Test that the application runs in MATLAB. When running the application for the first time in a machine, verify that the new client certificate generated for the standalone application is trusted by the server.

!opcUaClient
OPC UA Client:

   Server Information:
                       Name: 'SimulationServer@localhost'
                   Hostname: 'localhost'
                       Port: 53530
                EndpointUrl: 'opc.tcp://localhost:53530/OPCUA/SimulationServer'

   Connection Information:
                    Timeout: 10
                     Status: 'Connected'
                ServerState: 'Running'

   Security Information:
        MessageSecurityMode: SignAndEncrypt
      ChannelSecurityPolicy: Aes256_Sha256_RsaPss
                  Endpoints: [1×11 opc.ua.EndpointDescription]

   Server Limits:
              MinSampleRate: 0 sec
               MaxReadNodes: 0
              MaxWriteNodes: 0
        MaxHistoryReadNodes: 0
    MaxHistoryValuesPerNode: 0

If you want to run the application on another machine, you must install MATLAB Runtime at the same update level or newer. For more information, see Download and Install MATLAB Runtime (MATLAB Compiler).

(Not recommended) Store Private Key Password in Environment Variable

As an alternative to packaging secrets within the archive, you can store secret values in environment variables on the target platform. For instance, if your deployed code runs on a Windows® machine, set the environment variable as OPCUAPrivateKeyPassword and its corresponding value as the intended private key password. You can expose your system to security risks when you set your password in the environment variable. Use this method only in a trusted environment.

Package only the script file and server certificate file into a standalone application using mcc. 

mcc -m opcUaClient.m -a myServerCertificate.der

mcc generates a standalone application named opcUaClient in your working directory. After you set the value for the environment variable OPCUAPrivateKeyPassword on the target machine, you can run this application.

See Also

(MATLAB Compiler) | | | (MATLAB Compiler)

Topics