Configuring eACM to use Server Authentication

Owned by Dennis Waehner
Last updated: Jan 30, 2024
1 min read

AUTOSOL does not provide this information for use as a source of security advice or best practices.  The use of these examples is done at your own discretion and risk and with agreement that you will be solely responsible for any damage to your computer system or loss of data that results from such activities.

Configuration with Server Authentication

Follow the instructions {link to instruction pages} to create all files required to configure your client and server (broker) for TLS authentication.

  1. You will need to provide ca.pem to both your client and server.

  2. You will need to provide server.key and server.pem to your server.

Client

In older versions of eACM, you must copy (scp) your ca.pem to the host where eACM is installed and reference the path to it in your TLS Settings object (MQTT app) or the Broker 1/2 tab of your Node object (Edge Manager). Assign ca.pem to the CA File property of the object.

In newer versions of eACM, you can upload your ca.pem using the TLS Settings object form or Node object form. Assign ca.pem to the CA File property of the object.

Server (Broker)

The broker configuration will be different for each broker. Example for mosquitto:

per_listener_settings true listener 8883 allow_anonymous false require_certificate false certfile C:\Users\myuser\Documents\certs\server.pem keyfile C:\Users\myuser\Documents\certs\server.key cafile C:\Users\myuser\Documents\certs\ca.pem password_file C:\Users\myuser\Documents\mosquitto\user-passwd.txt

 

For assistance, please submit a ticket via our Support Portal, email autosol.support@autosoln.com or call 281.286.6017 to speak to a support team member.