...

  • Generate an RSA key
    • This is the private key, used for encryption/decryption of data.  Keep it private and don't share it with anyone, including the CA.  The server (MQTT Distributor), however, will need it to encrypt/decrypt data.
  • Create a Certificate Signing Request (CSR)
    • Generally the CA can provide instructions on how to generate a CSR.  Windows, Linux, and OSX all have tools available for generating a CSR, and there is plenty of documentation online about all of them.
    • Make sure the Common Name specified in the CSR matches the server URL (e.g. example.com).  Also, do not include www. because this will be used for MQTT.
  • Give the CSR to the CA
  • The CA will then provide a public certificate for use with MQTT Distributor
  • In some cases, depending on the CA, an intermediate certificate may also be required.  If so, the CA will also provide this.
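
The key and CSR steps above can be carried out with the OpenSSL command line, shown here as an added example that is not part of the original page. The file names, the 2048-bit key size and the subjectAltName extension are assumptions; the CA's own instructions take precedence.

```sh
#!/bin/sh
# Added example, not from the original page. File names, the 2048-bit key
# size and the SAN extension are assumptions; follow your CA's requirements.

# make_csr <hostname> <outdir>: writes <outdir>/server.key and server.csr
make_csr() {
    host="$1"; outdir="$2"
    # The page says not to include "www." since the name is used for MQTT.
    case "$host" in
        www.*) echo "Common Name must not start with www.: $host" >&2
               return 1 ;;
    esac
    mkdir -p "$outdir" || return 1
    # Private key: owner-only permissions; it stays on the server.
    ( umask 077; openssl genrsa -out "$outdir/server.key" 2048 2>/dev/null ) || return 1
    # CSR: subject plus public key, signed with the private key. This file
    # is what goes to the CA. Modern TLS clients match the hostname against
    # subjectAltName, so the same name is requested there (OpenSSL 1.1.1+).
    openssl req -new -key "$outdir/server.key" -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" -out "$outdir/server.csr"
}

# csr_common_name <csr>: print the Common Name in the CSR subject
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# csr_is_valid <csr>: check the CSR's self-signature
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key <csr> <key>: the CSR carries the public half of this key
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# Usage: sh make_csr.sh example.com ./tls
if [ -n "${1:-}" ]; then
    make_csr "$1" "${2:-./tls}" && csr_is_valid "${2:-./tls}/server.csr" &&
        echo "CN in CSR: $(csr_common_name "${2:-./tls}/server.csr")"
fi
```

Only server.csr is sent to the CA; server.key stays on the MQTT Distributor host.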

...


Using the Certificate to Secure Communication with MQTT Distributor:

...

At this point, all MQTT clients can connect over TLS-enabled connections.  If using a certificate signed by a publicly trusted CA, the clients don't have to make any modifications to their list of trusted root certificates.  If using a self-signed certificate, there are a few options:

  • The root CA cert can be added to the Operating System's list of trusted root certificates
    • This means the application doesn't need to handle special cases and