MindConnect IoT Extension allows devices to connect via MQTT protocol using a X.509 certificate for authentication. To do so, a certificate must be trusted by MindConnect IoT Extension. A certificate is trusted when it is added to the trusted certificates and is in activated state.
Click “Trusted certificates” in the “Management” menu in the navigator. All certificates owned by the environment will be displayed.
The icon on the left of each entry indicates if the certificate is active (Green) or inactive (Red). At any given time, a environment can have any number of active or inactive certificates.
Expand a certificate by clicking the arrow icon at the right to view more details.
The information in the table at the right side is extracted from the provided certificate. The content is read-only and cannot be changed.
Adding a certificate¶
Before adding a new trusted certificate, make sure that:
- It is a X.509 certificate in PEM format
- It is in version 3
- It contains BasicConstraints:[CA:true]
- It has not already been uploaded to MindConnect IoT Extension
- It is still valid (not expired)
To add a certificate, proceed as follows:
Click Add trusted certificate at the right of the top menu bar.
In the resulting dialog box, provide the following information:
|Certificate name||User-provided name for the certificate. This name is not used by MindConnect IoT Extension and can serve as a description of the certificate.|
|Certificate||File containing the certificate in PEM format. Add the file by dropping it into this field or browsing for it on your computer.|
|Auto registration||If selected, new devices which use a certificate signed by the authority owning this trusted certificate will automatically be registered.|
|Enabled/Disabled||When disabled, devices which use a certificate signed by the authority owning this certificate, will not be able to connect.|
3.Click “Add Certificate” to validate and save the certificate.
Managing a certificate¶
In the detail view of a certificate, you can change the parameters on the left, i.e., the certificate name, and the settings for the auto registration and enabled/disabled option.
To permanently delete a certificate from the trusted certificates list, click the menu icon at the right of the respective entry and in the context menu click "Delete".