Contents
Cirrus Link Resources
Cirrus Link Website
Contact Us (Sales/Support)
Forum
Cirrus Link Modules Docs for Ignition 7.9.x
Inductive Resources
Ignition User Manual
Knowledge Base Articles
Inductive University
Forum
Self-signed certificates can be used with Ignition and the Cirrus Link modules and they are useful for testing environments and non-public networks.
...
Ignition has made it simple to load a self-signed certificate through the Setup SSL / TLS wizard but there are additional steps needed to be able to use that certificate create and use a CA Certificate chain with the MQTT modules.
The CA Certificate chain will comprise of all Intermediate CA certificates, in order, and the Root CA concatenated into a single cert file.
Review the following list for the required certificates:
Follow the steps outlined in the Ignition Secure Communication (SSL / TLS) document using the Certification wizard to import the certificates needed to SSL enable the Ignition Web Server.
You will be warned of a Potential Security Risk and will need to Accept the Risk and Continue
Once configured, you will be able to view the SLL/TLS Certificate details which should be displayed similar to the image below:
Once the Ignition Web Server has been SSL enabled, enable SSL/TLS for MQTT Distributor by selecting the "Enable TLS" configuration setting under TLS Setting section for MQTT Distributor.
Click Save to confirm the configuration update.
...
Construct the CA Certificate chain by concatenating the Intermediate CA file(s) with the Root CA file into a new file.
Note |
---|
The Intermediate CA file should be first in this new file. If you have multiple Intermediate CA Certificates then add them in order before adding the Root CA cert. |
In this example, we have a single Intermediate CA which is the concatenated with a Root CA
Code Block | ||||
---|---|---|---|---|
| ||||
-----BEGIN CERTIFICATE-----
MIIF3TCCA8WgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgYQxCzAJBgNVBAYTAlVT
......
HPdMojd3CnsdLcqfzt582nxlGbfYwpR3Y5XeMSHST2Wq1FLVLA3HE5iLtQAL0bwv
NfKkNSLtui2QpCV0dwY8XX8=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF8DCCA9igAwIBAgIJAK7yLN2Y9PrMMA0GCSqGSIb3DQEBCwUAMIGEMQswCQYD
.....
CRTeBexRtq4VSm/Oi5fIT+euBLZTTsDdF+sxzJi9TP60Y0tD
-----END CERTIFICATE----- |
Tip |
---|
If you do not have access to or cannot easily locate your Intermediate and/or Root CA Certificates, follow the steps in How do I find the Self-Signed Certificates loaded for Ignition. |
The MQTT Engine and MQTT Transmission modules will both require the Root CA Certificate chain to be upload and applied. Navigate to the Servers > Certificates section for each module and select Create New Certificate.
Browse to your Root CA Certificate chain file to upload, configure a friendly name and Save Changes.
...
Enable SSL/TLS for MQTT Distributor by selecting the "Enable TLS" configuration setting under TLS Setting section for MQTT Distributor.
...
...