# UA TCP Endpoint

This section describes the settings associated with the connection point (endpoint). Endpoint determines the connection address and the required security modes that OPC UA clients must use.

{% hint style="info" %}
Monokot OPC Server provides communication for OPC UA clients only using the UA TCP protocol (binary data transfer protocol). Default UA TCP endpoint is opc.tcp\://localhost:43043/MonokotOPC or opc.tcp\://localhost:43043
{% endhint %}

* Port – specifies the port to connect to the UA TCP endpoint (by default 43043)
* Channel Lifetime – specifies the number of milliseconds, after which the server frees up resources for the channel

{% hint style="info" %}
If you use firewall you must add the incoming connections rule for OPC UA clients
{% endhint %}

The TCP UA endpoint allows you to encrypt and verify authenticity of transmitted data and provides the following security policies:

* None – allows for transfer of data without encryption
* Basic128Rsa15, Basic256, Basic256Sha256 – allows you to transfer encrypted data in different modes

After changing and synchronizing the settings described above the OPC UA server will be automatically restarted.

A custom security certificate can be specified for UA TCP Endpoint. To do this, you need to import the certificate from a PFX file. To import a custom security certificate, open the *OPC UA* manager in Monokot Server Administrator and switch to the *UA TCP Endpoint* tab.

![](https://4282443477-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3cwznMbQcEQxtnjiRDYX%2Fuploads%2F3LcbHfi0DyKsikAsNvxW%2FUA%20TCP%20Endpoint%20\(360034746411\)_image-0.png?alt=media\&token=99a9347e-d798-42db-b233-ab14c721b40b)

Click the *Import* button and choose the PFX file. Enter password for the certificate (if no password is used, leave the field empty) and click *OK*. For the changes to take effect on the server, click *Sync* or press the F5 key. The UA TCP Endpoint tab also offers the following possibilities:

* To reissue the security certificate
* To reset the custom security certificate to the server’s default certificate
* To export the certificate (public key) to a CRT file