Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
...
Now we are ready to setup SSL connections between two clients (MQTT Engine and Transmission) and the Chariot Server. Here is a summary of what needs to be done:
Anchor | ||||
---|---|---|---|---|
|
Anchor | ||||
---|---|---|---|---|
|
Navigate to CONFIGURATION > System > Certificates configuration and upload the files as shown below. Once uploaded, select the Setup SSL button.
...
Navigate to CONFIGURATION > MQTT Server configuration and Enable Secure as shown below. Select the Update button to save the configuration.
Anchor | ||||
---|---|---|---|---|
|
By default Chariot comes with an empty truststore file clientcerts.jks which is located in the <chariot_install_dir>/security folder.
...
Code Block | ||
---|---|---|
| ||
Keystore type: PKCS12 Keystore provider: SUN Your keystore contains 2 entries Alias name: engineca Creation date: Mar 1, 2023 Entry type: trustedCertEntry Owner: EMAILADDRESS=ilya.binshtok@cirrus-link.com, CN=MacBook-Pro.local, OU=MQTT Engine CA, O=Cirrus Link, L=Overland Park, ST=Kansas, C=US Issuer: EMAILADDRESS=ilya.binshtok@cirrus-link.com, CN=MacBook-Pro.local, OU=CA, O=Cirrus Link, L=Overland Park, ST=Kansas, C=US Serial number: b1d46c8c88db5c8e Valid from: Wed Mar 01 10:37:08 CST 2023 until: Sat Feb 26 10:37:08 CST 2033 Certificate fingerprints: SHA1: FE:3B:A0:A1:2D:AF:92:F3:A1:3C:8D:76:ED:8F:05:47:EE:A1:59:E2 SHA256: 8C:43:80:B8:14:90:7D:EB:89:69:58:FA:76:29:3D:50:8F:3D:8F:7E:D5:8F:C9:7C:5B:97:0E:DC:0E:E8:D6:3A Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 1 ******************************************* ******************************************* Alias name: transmissionca Creation date: Mar 1, 2023 Entry type: trustedCertEntry Owner: EMAILADDRESS=ilya.binshtok@cirrus-link.com, CN=MacBook-Pro.local, OU=MQTT Transmission CA, O=Cirrus Link, L=Overland Park, ST=Kansas, C=US Issuer: EMAILADDRESS=ilya.binshtok@cirrus-link.com, CN=MacBook-Pro.local, OU=CA, O=Cirrus Link, L=Overland Park, ST=Kansas, C=US Serial number: b1d46c8c88db5c8f Valid from: Wed Mar 01 16:50:36 CST 2023 until: Sat Feb 26 16:50:36 CST 2033 Certificate fingerprints: SHA1: 01:FD:41:DF:AE:CE:28:A4:16:F8:3E:66:E7:71:FE:88:2F:98:1B:86 SHA256: 9F:BC:1D:10:43:9C:F7:BE:D6:07:58:E1:DD:9D:09:0E:0D:01:82:37:DC:8E:FA:9A:3B:46:1A:98:1E:52:39:AE Signature algorithm name: SHA256withRSA Subject Public Key Algorithm: 2048-bit RSA key Version: 1 ******************************************* ******************************************* |
Anchor | ||||
---|---|---|---|---|
|
Using a text editor, set the "clientAuthPolicy" to "required" in the <chariot_install_dir>/conf/com.cirruslink.chariot.server configurationfile.
...
Warning |
---|
You will now need to restart the Chariot service to pickup up the configuration changes |
Anchor | ||||
---|---|---|---|---|
|
Anchor | ||||
---|---|---|---|---|
|
Add the certificates to the MQTT Engine > Servers > Certificates configuration as shown below:
...
Update the MQTT Engine > Servers > Settings configuration to use the certificates as shown below and setting the URL to be ssl://FQDN:8883 with the FQDN of the Chariot Server. Click the Save Changes button to save the configuration.
Anchor | ||||
---|---|---|---|---|
|
Add certificates to the MQTT Transmission > Servers > Certificates configuration as shown below:
...
Update the MQTT Transmission > Servers > Settings configuration to use the certificates as shown below. Click the Save Changes button to save the configuration.
Anchor | ||||
---|---|---|---|---|
|
From the left hand menu bar, navigate to Config > MQTT Engine > Servers and note the Status as Connected.
...