First of all protect the project in TIA with User and Password.
Activate the OPC UA Server.
Activate the property “use global security setting for certificate manager”
Choose an security policies
Create a Server Certificate in TIA as following:
Server Certificate is now created.
Export the Server Certificate.
Export the Server Certificate.
Link the Certificate also with the plc communication certifate.
In the User authentication enable the option “enable user name and password authentication” and enter user and password.
Take the OPC UA Server certificate to the zenon project and rename it to PLC-1OPCUA-1-5.der
Create a OPC UA Client and set the “tia”user and the security settings from TIA OPC Server
Copy the OPC UA Server Certificate to the Cert driver folder in the Engineering studio folder
Link the OPC UA Server in the OPC UA Client Configuration
Copy the OPC UA Certifcate “OPCUA32.der” to the OPC UA Server and import the Certificate via TIA portal
add the OPC UA client to the trusted clients in TIA portal

A license has to be also hier chosen
Compile the project and load it to the device (PLCSIM or PLC)
Import the variables from the OPC UA Server