
AppManager now has MQTT TLS settings for configuration.

The main node contains the properties for the connection.

You have two broker connections available.

Warning: Changing any of the Node level settings incorrectly, for either UAM or an Edge Node, can result in loss of communication to a broker.

You can hover over the property name in the left column to see the details about the property.

Certificates Explained

The TLS Broker connection works in the following way:

  • The CA File is required and must be the same CA File used by the Broker in its TLS Settings

    • If only the CA File is uploaded, it can be used on its own if the Broker settings allow anonymous connections.

  • If you upload a Client Certificate, you will also need to upload the Client Private Key that goes with it.

    • If the Client Private Key is encrypted, you will need to enter the Private Key Password

  • If Verify Certificate is checked, the Broker’s certificate signature will be verified against the CA file you uploaded

    • If this is not checked, there is no guarantee that the host you are connecting to is not impersonating your server. This can be useful in initial server testing, but it makes it possible for a malicious third party to impersonate your server, for example through DNS spoofing.
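
A pre-flight check for the certificate rules above, as an added example that is not AppManager code: the field names are hypothetical stand-ins for the node properties, and the PEM strings are constructed headers with no real key material. It also shows how to tell from the key file itself whether a Private Key Password is needed.

```python
# Added example: audit a broker's TLS settings against the rules listed above.
# Field names are hypothetical; they are not AppManager property names or API.
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class BrokerTls:
    ca_pem: Optional[str] = None           # contents of the CA File
    client_cert_pem: Optional[str] = None  # contents of the Client Certificate
    client_key_pem: Optional[str] = None   # contents of the Client Private Key
    key_password: Optional[str] = None     # Private Key Password
    verify_certificate: bool = True        # Verify Certificate checkbox


def key_is_encrypted(key_pem: str) -> bool:
    """PKCS#8 encrypted keys have their own PEM label; traditional OpenSSL
    keys carry a 'Proc-Type: 4,ENCRYPTED' header inside the PEM block."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in key_pem
            or "Proc-Type: 4,ENCRYPTED" in key_pem)


def audit(cfg: BrokerTls) -> List[str]:
    findings = []
    if not cfg.ca_pem:
        findings.append("ERROR: CA File is required")
    if cfg.client_cert_pem and not cfg.client_key_pem:
        findings.append("ERROR: Client Certificate needs its Client Private Key")
    if (cfg.client_key_pem and key_is_encrypted(cfg.client_key_pem)
            and not cfg.key_password):
        findings.append("ERROR: encrypted key needs the Private Key Password")
    if not cfg.verify_certificate:
        findings.append("WARN: Verify Certificate is off; broker identity is unchecked")
    return findings


# Constructed sample inputs: PEM framing only, bodies are placeholders.
CA = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
ENCRYPTED_KEY = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,(constructed)\n")

if __name__ == "__main__":
    testing_cfg = BrokerTls(ca_pem=CA, client_cert_pem=CA,
                            client_key_pem=ENCRYPTED_KEY, verify_certificate=False)
    for finding in audit(testing_cfg):
        print(finding)
```

A settings set that was left in its initial-testing state shows up here as a WARN line, which makes it easy to catch before the node goes into production.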

Broker 1 and 2 Explained

After the server starts, or when the Restart MQTT Client option under the Node commands is run, the settings will be checked and the following logic will execute:

  • If Broker 1 is enabled, and the connection fails, it will attempt another connection after the Broker 1 → Connection Retry Interval has elapsed.

  • After the Broker 1 → Connection Retries are exhausted, the Broker 2 settings, if enabled, will be used.

  • The logic repeats for Broker 2, and then switches to Broker 1, indefinitely if both broker connections are enabled.

  • If Broker 1 was not enabled, Broker 2 is checked first, and the reconnection will continue forever only for the one enabled broker.

  • If no brokers are enabled, no client connections will be attempted.
