SSL/TLS Enable the Ignition Web Server
Ignition supports certificates from both your organization's internal CA, as well as commercial CAs (Verisign, GoDaddy, Comodo, etc.).
Review the following list for the required certificates:
- Private Key
- Certificate Signed By A Certificate Authority (CA)
- Any Intermediate CA Certificates (Provided by your CA)
- Root CA Certificate (Provided by your CA)
Follow the steps outlined in the Ignition Secure Communication (SSL / TLS) document using the Certification wizard to import the certificates needed to SSL enable the Ignition Web Server.
Once configured, you will be able to view the SLL/TLS Certificate details which should be displayed similar to the image below:
Configure MQTT Distributor to use SSL/TLS
Once the Ignition Web Server has been SSL enabled, enable SSL/TLS for MQTT Distributor by selecting the "Enable TLS" configuration setting under TLS Setting section for MQTT Distributor.
Click Save to confirm the configuration update.
Configure MQTT Engine and MQTT Transmission to use SSL/TLS
Once TLS has been enabled for MQTT Distributor, the only change required for MQTT Engine and MQTT Transmission to connect to Distributor over SSL/TLS is to update the MQTT Server URL.
Update each of the servers with the appropriate MQTT Server URL for your environment. For example, 'ssl://localhost:8883'
For MQTT Transmission, navigate to the Servers Settings Main section and update the URL as shown below:
For MQTT Engine, navigate to the Servers Settings Main section and update the URL as shown below:
At this point MQTT Engine and MQTT Transmission should show they're connected to MQTT Distributor over SSL/TLS.