© Softing Industrial Automation GmbH 19
Chapter 4 - IT Settings
4.3.3 MQTT Security Settings
Certificate usage for the MQTT protocol is similar to HTTPS. The client verifies the identity of the server by
evaluating the certificate provided by the server. The client therefore needs to know in advance the complete
server certificate chain it is to trust.
If a certificate chain file is located in the Trusted Certificates folder before the connection is established,
the dataFEED Gateway verifies the identity of the MQTT Broker using this certificate chain. If the MQTT
Broker fails to prove its identity with the provided certificate, the MQTT connection will not be completely
established. If no certificate is stored in the Trusted Certificates folder, verification of the MQTT
Broker identity is disabled.
For the dataFEED Gateway, the MQTT Security Settings view lets you manage existing certificates, upload new
certificates and display certificate properties in a table.
Upload new certificate
To ease certificate management, the MQTT Publisher in the dataFEED Gateway stores each new client certificate
in the New Certificates folder using the PEM format. Additional PEM format certificates can be uploaded to the
dataFEED Gateway using the Browse... button.
PEM format certificate files may contain more than one certificate. For the MQTT protocol the complete chain of
trusted certificates is expected in the PEM file.
Download a certificate chain from the server
When you click the Get certificate from server button, the dataFEED Gateway uses the openssl command to fetch
the whole certificate chain from the server into the New Certificates folder.
Note
The openssl command is only available for IPv4 connections.
Declare a certificate trusted
To declare a certificate trusted, move it into the Trusted Certificates folder. To do so, select the certificate and
click the Move to trusted folder button.
Only one trusted certificate is allowed to be stored in the Trusted Certificates folder.
Note
Check the certificate's fingerprint to make sure you declare the correct certificate trusted.
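The fingerprint check from the note above can be done on a workstation before a fetched chain file is moved to the Trusted Certificates folder. The following is an added example, not Softing code: it splits a PEM chain file, computes each certificate's SHA-256 fingerprint, and confirms that a fingerprint obtained out of band from the broker operator belongs to one of them. All function names and the sample bytes are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def split_pem_chain(pem_text):
    """Return the DER bytes of every certificate in a PEM file, in file order."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_CERT.findall(pem_text)]


def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest of the DER bytes (openssl style)."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Reduce 'sha256 Fingerprint=AA:BB', 'aa bb' or 'aabb' to plain 'aabb'."""
    return re.sub(r"[^0-9a-f]", "", fp.split("=")[-1].lower())


def chain_contains(pem_text, expected_fp, algo="sha256"):
    """Return the index of the certificate matching expected_fp.

    Raises ValueError if the file holds no certificate or none matches.
    """
    chain = split_pem_chain(pem_text)
    if not chain:
        raise ValueError("no certificate found in PEM data")
    want = normalize(expected_fp)
    for index, der in enumerate(chain):
        if hmac.compare_digest(normalize(fingerprint(der, algo)), want):
            return index
    raise ValueError("expected fingerprint not present in chain")


def pem_block(der):
    """Wrap raw bytes in PEM certificate armor (helper for the sample below)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"


# Constructed stand-in bytes, not real X.509 certificates: leaf first, CA last.
SAMPLE_CHAIN = pem_block(b"constructed-leaf-der") + pem_block(b"constructed-root-ca-der")
```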