NOTE: The procedure below is only applicable when running pre-4.0.4 modules. Manually configuring MQTT Distributor to consume a Java Keystore is supported and will work properly when running pre-4.0.4 modules, but it is no longer the recommended process for encrypting MQTT communication. If possible, please upgrade to modules version 4.0.4 or higher and follow the default workflow to secure MQTT communication.

Whether you are using a certificate issued by a trusted CA (Certificate Authority) or a self-signed certificate, internally MQTT Distributor accesses these certificate(s) via the Java KeyStore file that it is configured to use. This KeyStore must contain the public certificate, the private key, and possibly an intermediate certificate if applicable. 

...

Finally, give it a name and location on the filesystem and click Save:

Generate a Private Key Pair

If you prefer TLS connection over private networks you may instead generate your own Private Key Pair.  Launch KeyStore Explorer and select 'Create a new KeyStore' of the type 'JKS', then [ OK].  In the background of the Untitled-1 page right click and select 'Generate Key Pair' as below:

Image Removed

Image Removed

Image Removed

Image Removed

Image Removed

Image Removed

Configuring MQTT Distributor to use a Keystore

...

Once the settings are saved, the MQTT client associated with MQTT Engine or MQTT Transmission will connect using TLS.

Additional Resources

• Inductive Automation's Ignition download with free trial
  • https://inductiveautomation.com/downloads/
• Azure Injector download with free trial
  • https://inductiveautomation.com/downloads/third-party-modules
• Questions about this tutorial?
  • Check out the Cirrus Link Forum: https://forum.cirrus-link.com/
  • Contact support: support@cirrus-link.com
• Sales questions
  • Email: sales@cirrus-link.com
  • Phone: +1 (844) 924-7787
•  About Cirrus Link
  • https://www.cirrus-link.com/about-us/