LAB-06 · OPC UA · 4840/tcp
OPC UA: certificate trust list hardening
A loosely-configured OPC UA server in the lab accepts any client certificate. Lock it down, prove the lockdown blocks a known rogue cert, and show the audit trail of a subscription denial.
Duration
75m
Level
intermediate
ISA SL
SL2 · SL3
Track
ot defense
Objectives
- 01Inspect an OPC UA server’s trust list and reject list
- 02Configure mutual TLS with a self-signed CA
- 03Detect a rogue subscription via server audit events
Success criteria
- Hardened server-config XML
- Audit log entry for the rejected client