...

Ignition has made it simple to create a self-signed certificate through the Setup SSL / TLS wizard but there are additional steps needed to be able to use that certificate with the MQTT modules. 

Anchor
Ignition Ignition

Ignition

Navigate to Config > NETWORKING > Web Server from the Ignition left hand menu bar and select Setup SSL / TLS

...

Ignition will now show that you have successfully transitioned to self-signed certificate and that SSL /TLS is enabled.

...

Anchor

...

Certificate Certificate

Extract CA Certificate from ssl.pfx file

To allow the MQTT modules to validate the chain of trust for the self-signed certificate, you will need to upload the certificate CA Certificate to each module.

First you will need to extract the certificate CA Certificate chain from ssl.pfx file created in the webserver directory of your installed Ignition system

...

openssl pkcs12 -in ssl.pfx -nokeys -clcerts -nodes -passin pass:ignition | openssl x509 -out cert.pem

Anchor
MQTTModules MQTTModules

MQTT Modules

Anchor
uploadcerts uploadcerts

Upload Certificate

Now you will need to upload this cert .pem certificate for each of the MQTT Engine and MQTT Transmission modules.Navigate  Navigate to the Servers > Certificates section for each module and select Create New Certificate.

Browse to your cert.pem file to upload, configure a friendly name and Save Changes.

Anchor
ConfigureDistributor ConfigureDistributor

Configure MQTT Distributor to use SSL/TLS

Enable SSL/TLS for MQTT Distributor by selecting the "Enable TLS" configuration setting under TLS Setting section for MQTT Distributor.

Click Save to confirm the configuration update.

Anchor
ConfigEngineandTransmission ConfigEngineandTransmission

Configure MQTT Engine and MQTT Transmission to use SSL/TLS

For MQTT Engine and MQTT Transmission to connect to Distributor over SSL/TLS you will need to update each Server configuration.

...