Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server.pem -days 3650 --outform PEM

Configuration

You now have all the files required to configure your client and server (broker) for TLS authentication.

  1. You will need to provide ca.pem to both your client and server.

  2. You will need to provide server.key and server.pem to your server.

Client

In older versions of eACM, you must copy (scp) your ca.pem to the host where eACM is installed and reference the path to it in your TLS Settings object (MQTT app) or the Broker 1/2 tab of your Node object (Edge Manager). Assign ca.pem to the CA File property of the object.

In newer versions of eACM, you can upload your ca.pem using the TLS Settings object form or Node object form. Assign ca.pem to the CA File property of the object.

Server (Broker)

The broker configuration will be different for each broker. Example for mosquitto:

Code Block
per_listener_settings true

listener 8883
allow_anonymous false
require_certificate false
certfile C:\Users\myuser\Documents\certs\server.pem
keyfile C:\Users\myuser\Documents\certs\server.key
cafile C:\Users\myuser\Documents\certs\ca.pem
password_file C:\Users\myuser\Documents\mosquitto\user-passwd.txt