...
- Server side configuration
- Enable SSL on Chariot
- Set server side certificates and keys (serverCA.crt, server.key, and server.crt) on Chariot
- Add Clients CA certificates (engineCA.crt and transmissionCA.crt) to the Chariot truststore
- Set the ‘Clients Authentication Policy’ on Chariot to “required”
- Client side configuration
- Add the serverCA.crt, engine.key, and engine.crt to the ‘Chariot’ connection on the MQTT Engine side.
- Add the serverCA.crt, transmission.key, and transmission.crt to the ‘Chariot’ connection on the MQTT Transmission side.
Anchor |
---|
| MQTTEngineClientSide |
---|
| MQTTEngineClientSide |
---|
|
MQTT Engine Client Side Configuration
Add the certificates to the MQTT Engine > Servers > Certificates configuration as shown below:
Friendly Name | Certificate Filename | File Description |
---|
ChariotCA_Certificate | serverCA.crt | Chariot CA Certificate |
EngineCertificate | engine.crt | MQTT Engine Certificate |
EngineKey | engine.key | MQTT Engine Private Key |
Update the MQTT Engine > Servers > Settings configuration to use the certificates as shown below:
Configuration Parameter | Setting |
---|
URL | ssl://FQDN:8883 where the FQDN is the Common Name associated with the certificates |
CA Certificate File | ChariotCA_Certificate |
Client Certificate File | EngineCertificate |
Client Private Key File | EngineKey |
Anchor |
---|
| MQTTTransmissionClientSide |
---|
| MQTTTransmissionClientSide |
---|
|
MQTT Transmission Client Side ConfigurationAdd certificates to the MQTT Transmission > Servers > Certificates configuration as shown below:
Friendly Name | Certificate Filename | File Description |
---|
ChariotCA_Certificate | serverCA.crt | Chariot CA Certificate |
TransmissionCertificate | transmission.crt | MQTT Transmission Certificate |
TransmissionKey | transmission.key | MQTT Transmission Private Key |
Update the MQTT Transmission > Servers > Settings configuration to use the certificates as shown below:
Configuration Field | Setting |
---|
URL |
|
CA Certificate File |
|
Client Certificate File |
|
Client Private Key File |
|