...

Info

While MQTT Publishing can occur without using a secure connection, AUTOSOL suggests using TLS certificates for MQTT publishing to function in all production environments. It is highly advisable to take these steps before continuing ACM Monitor TLS setup:

  1. Work with a qualified security professional to determine the best means of securing MQTT communications for your use case. AUTOSOL support cannot provide security advice.

  2. Configure the MQTT broker according to your needs. Note: ACM requires use of a TLS certificate.

  3. Test using a third-party MQTT client with support for certificates and Sparkplug B. AUTOSOL used Node-RED during testing, among others.

Certificate configuration in particular tends to be the most problematic area of MQTT setup. Taking these steps, with the help of a qualified security professional, will greatly simplify ACM configuration.

...

General Tab

After the MQTT Publisher form opens, click the “plus” button to add a new profile with your requirements.

...

The MQTT identifier for a client connecting to an MQTT broker. This must be unique from other clients sharing the same broker(s), including other ACM installations. By default, it is auto-generated, but it can also be manually updated to something more human readable. A new, random client ID can be generated by clicking the "cog" button to the right of the client ID box.

...

The Authentication tab properties allow entry of username and password, if authentication is required by the broker.

SSL/TLS Tab

...


Secure Connections

By default, the Use a secure connection option is selected, enabling configuration of SSL/TLS options. For non-production environments, the Do not use a secure connection option can be used for testing.

ACM currently supports three categories of TLS certificates:

...

1. CA Signed Server Certificate

Use the CA signed server certificate option when a CA signed certificate is already uploaded on the server side (broker) and the same certificate is used for client authentication. There is no need to upload a certificate here.

2. CA Certificate file

The CA certificate used on the server side (broker) should be used here and must be in PEM format. Intermediate certificates can also be used here, but they must be combined into a single bundle in PEM format.

3. Self Signed Certificates

This option is used when both client and server require mutual authentication. The client certificate must be signed by the same CA certificate as the broker. The CA file must be in PEM format. The client certificate file, combined with its key file, must be uploaded in PFX format. The passphrase can also be given if the client certificate is password protected.
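Options 2 and 3 both require the CA file to be a PEM bundle, so a structural pre-flight check of that file before upload can catch the common format mistakes. The following is an added example, not AUTOSOL or ACM code: the function name, the sample data and the private-key check are assumptions made here, and the check does not verify signatures or the certificate chain.

```python
import base64
import binascii
import re

# One PEM block: BEGIN <label>, base64 body, matching END <label>.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def lint_ca_bundle(data: bytes) -> dict:
    """Structural pre-flight check for a CA file; verifies no signatures or chain."""
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER or PFX, not PEM
        return {"ok": False, "certs": 0, "problems": ["binary DER/PFX data, not PEM"]}
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return {"ok": False, "certs": 0, "problems": ["not ASCII text, so not PEM"]}
    certs, problems = 0, []
    for label, body in PEM_BLOCK.findall(text):
        if "PRIVATE KEY" in label:
            # Added check (assumption): a trust bundle should carry certificates only.
            problems.append("private key block present in CA file")
        elif label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except binascii.Error:
                problems.append("CERTIFICATE block is not valid base64")
                continue
            if der[:1] == b"\x30":
                certs += 1
            else:
                problems.append("CERTIFICATE block is not an ASN.1 SEQUENCE")
    if certs == 0 and not problems:
        problems.append("no CERTIFICATE blocks found")
    return {"ok": certs > 0 and not problems, "certs": certs, "problems": problems}

def _constructed_block(label: str, n: int) -> str:
    # Constructed placeholder: a 5-byte DER SEQUENCE, not a real certificate or key.
    b64 = base64.b64encode(bytes([0x30, 0x03, 0x02, 0x01, n])).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: root + intermediate in one bundle, and a bundle with a stray key.
GOOD_BUNDLE = (_constructed_block("CERTIFICATE", 1) + _constructed_block("CERTIFICATE", 2)).encode()
KEY_LEAK = (_constructed_block("CERTIFICATE", 1) + _constructed_block("PRIVATE KEY", 3)).encode()

if __name__ == "__main__":
    for name, blob in [("good", GOOD_BUNDLE), ("key leak", KEY_LEAK), ("der", b"\x30\x82\x01\x0a")]:
        print(name, lint_ca_bundle(blob))
```

To check a real file, pass its bytes, for example `lint_ca_bundle(open(path, "rb").read())`, where `path` is the CA bundle intended for upload.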

...