opcua-client-ext-transport-https · v4.4.x

Quick start

Build an HttpsTransport, wire it into ClientBuilder, and connect to an opc.https:// endpoint. Three steps.

  1. Build the transport

    Both opc.https:// and plain https:// URLs are accepted as endpointUrl; the constructor normalises to https:// internally.

  2. Plug it into `ClientBuilder`

    The Client::connect() flow detects the external secure channel via HttpsTransport::isSecureChannelExternal() === true and skips the OpenSecureChannel handshake. TLS is the secure channel. Username/Password identity is used here because UA-.NETStandard filters Anonymous out of HTTPS endpoints when mTLS is off.

  3. Use the client as usual

    Every OPC UA service call becomes one HTTPS POST under the hood.

With mutual TLS

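```php
// mTLS configuration
$transport = new HttpsTransport(
    httpClient: new CurlHttpClient(
        // Verify the server certificate against the CA bundle below.
        verifyTls: true,
        caBundle: '/etc/ssl/certs/ca-bundle.crt',
        // Client certificate and private key presented at the TLS layer.
        clientCertPath: '/certs/client.pem',
        clientKeyPath: '/certs/client.key',
        // Key passphrase from the environment; null when the variable is unset or empty.
        clientKeyPassword: getenv('CLIENT_KEY_PASS') ?: null,
    ),
    encoding: new BinaryHttpsEncoding(),
    endpointUrl: 'opc.https://server.example:443/UA/',
);
```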

Note

setClientCertificate() on the builder is for OPC UA application-level certificates; the mTLS certificate and key for the TLS layer go on CurlHttpClient.
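
A preflight check for the TLS-layer client credentials before they are passed to CurlHttpClient, given as an added example that is not part of the library. `checkMtlsCredentials()` is a hypothetical helper; it assumes PHP 8 with the openssl extension and POSIX file modes, and the demo certificate and key are constructed on the fly.

```php
<?php
declare(strict_types=1);
// Hypothetical helper (not part of the library): returns a list of problems
// with the TLS-layer client credentials; an empty list means they look usable.
function checkMtlsCredentials(string $certPath, string $keyPath, ?string $keyPassword, int $minDaysLeft = 14): array
{
    if (!is_readable($certPath) || !is_readable($keyPath)) {
        return ['certificate or key file is not readable'];
    }
    $problems = [];

    // The private key must not be accessible to group or others.
    $mode = fileperms($keyPath) & 0777;
    if (($mode & 0077) !== 0) {
        $problems[] = sprintf('%s has mode %04o, expected 0600 or stricter', $keyPath, $mode);
    }
    $cert = openssl_x509_read(file_get_contents($certPath));
    // A wrong or missing passphrase fails here rather than later, during the TLS handshake.
    $key = openssl_pkey_get_private(file_get_contents($keyPath), $keyPassword);
    if ($cert === false || $key === false) {
        $problems[] = $cert === false ? 'certificate is not valid PEM' : 'key did not load (format or passphrase)';
        return $problems;
    }
    if (!openssl_x509_check_private_key($cert, $key)) {
        $problems[] = 'certificate and private key do not belong together';
    }
    $info = openssl_x509_parse($cert);
    $now = time();
    if ($info['validFrom_time_t'] > $now) {
        $problems[] = 'certificate is not yet valid';
    }
    if ($info['validTo_time_t'] - $now < $minDaysLeft * 86400) {
        $problems[] = "certificate expires in fewer than $minDaysLeft days (or has expired)";
    }
    return $problems;
}

// Constructed demo input: a throwaway self-signed certificate and encrypted key.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$crt = openssl_csr_sign(openssl_csr_new(['commonName' => 'demo-client'], $key), null, $key, 30);
openssl_x509_export($crt, $certPem);
openssl_pkey_export($key, $keyPem, 'demo-pass');
$certFile = tempnam(sys_get_temp_dir(), 'crt'); // tempnam() creates the file with mode 0600
$keyFile = tempnam(sys_get_temp_dir(), 'key');
file_put_contents($certFile, $certPem);
file_put_contents($keyFile, $keyPem);
var_dump(checkMtlsCredentials($certFile, $keyFile, 'demo-pass'));  // matching pair
var_dump(checkMtlsCredentials($certFile, $keyFile, 'wrong-pass')); // passphrase mismatch
unlink($certFile); unlink($keyFile);
```

In a deployment the same function would be called with the `clientCertPath`, `clientKeyPath` and `clientKeyPassword` values from the configuration above, and the transport built only when it returns an empty list.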