...

As of module release version 3.4.0.47, the Cirrus Link MQTT Distributor module is capable of reusing the existing Ignition web server SSL certificates to secure your MQTT communication. This is the recommended process to secure your MQTT communication using SSL/TLS. If using modules versioned before 3.4.0.47, the details here will help you through this process.

...

Once the Ignition Web Server has been SSL enabled, enable SSL/TLS for MQTT Distributor by checking the "Enable TLS" configuration setting under Config→MQTT Distributor→Settings→General→TLS Settings. Click Save to confirm the configuration update.

Configure MQTT Engine and Transmission to use SSL/TLS

...

The screenshot below shows MQTT Transmission configured for SSL/TLS. Configure MQTT Engine to use SSL/TLS in the same way.


[Screenshot: Configure MQTT Transmission to use TLS]


At this point, MQTT Engine and MQTT Transmission should show they're connected to MQTT Distributor over SSL/TLS. 


If you are running pre-4.0.4 modules, your Ignition web server is not SSL/TLS enabled, you're using self-signed certificates, or the default workflow above did not work as expected, see Secure MQTT Communication (SSL/TLS) and read on for variations on the standard process for enabling SSL/TLS.

...

This step should only be necessary if you're running pre-3.4.0.4 7 modules. The steps below will show how to create a Java keystore (JKS) containing all appropriate certificates and how to configure MQTT Distributor to use this keystore.

Convert Ignition's Keystore

If running pre-3.4.0.4 7 modules and your Ignition web server is SSL/TLS enabled, you can create the necessary Java keystore (JKS) file from the existing Ignition keystore (<Ignition_Install>\webserver\ssl.pfx). This can be done easily using the KeyStore Explorer tool to convert the Ignition keystore of type PKCS #12 to a Java keystore of type JKS. The details here will help you through this process.

Create a Java Keystore

If running pre-3.4.0.4 7 modules and your Ignition web server is not SSL/TLS enabled, you will need to create a Java keystore from scratch using the KeyStore Explorer tool. The details here will help you through this process.

...

To upload the certificate chain (also known as the "chain-of-trust") to MQTT Engine and MQTT Transmission, launch the Ignition Web Portal, navigate to the "Servers" tab in the module configuration for each module, click on the "Certificates" tab and click 'Create new Certificate' to bring up the creation UI. Next, choose the certificate to upload, give it a friendly name like 'CaChain' and click 'Save'. The two screenshots below show configuration specific to MQTT Transmission. Configure MQTT Engine certificates in the same way.


Associate the certificate just uploaded with each module by setting the 'CA Certificate File' configuration setting to the certificate just created. Click 'Save'.


MQTT Engine and Transmission should now show connected to Distributor over SSL/TLS. If the connection is unsuccessful, review the steps in the default workflow to ensure they were completed successfully.

...