Secure communication with SSL/TLS

Use SSL/TLS to encrypt communication between the client and broker.
SSL/TLS provides these options:
IMPORTANT: Ensure that the certificate can be accessed by Windows Local Service.
  • CA signed server certificate
     is used for one-way authentication. When the broker presents its digital certificate to the client, the client will establish a secure connection with the broker without the certificate validation.
  • CA certificate only
     is used for one-way authentication. You need to validate the CA certificate from the broker.
    To use CA certificate only
    1. On
      MQTT Client
      , enable
      SSL/TLS
      , and then select
      CA certificate only
      .
    2. Select , and then select a PEM certificate. If the certificate is in PFX format, enter its password if required to convert it to the PEM format.
  • Self signed certificates
     is used for a two-way authentication. You need to validate the CA certificate from the broker and provide the client certificate for broker authentication.
    To use self signed certificates
    1. On
      MQTT Client
      , enable
      SSL/TL
      S, and then select
      Self signed certificates
      .
    2. Select under
      Incoming Certificate from MQTT Broker
      , and then select a PEM certificate. If the certificate is not in PEM format, enter its password to convert it to the PEM format.
    3. Select under
      Outgoing Certificate to MQTT Broker
      , select a PFX certificate, and then enter its password.
      If the certificate is not in PFX format,
      1. In
        Change Certificate
        , select
        Convert From Other Format
        .
      2. In
        Select Certificate
        , do one of the following:
        • Use the outgoing certificate from the OPC UA interface.
        • Add a public key and a private key, and then enter the password of the private key if it is required.
      3. Select
        OK
        .
    4. (optional) Select
      Create CSR
       to obtain a new certificate from a CA as the Outgoing Certificate.
    5. Select
      Extract Public Key
      , and then move the public key to the broker for validation.
    To use the outgoing certificate from the OPC UA interface
    1. On
      MQTT Client
      , enable
      SSL/TL
      S, and then select
      Self signed certificates
      .
    2. Under
      Incoming Certificate from MQTT Broker
      , select , and then select a PEM certificate. If the certificate is not in PEM format, enter its password to convert it to the PEM format.
    3. Under
      Outgoing Certificate to MQTT Broker
      , select .
    4. In
      Change Certificate
      , select
      Convert From Other Format
      .
    5. In
      Select Certificate
      , select the
      Use the outgoing certificate from the OPC UA interface
       checkbox.
    6. Select
      OK
      .
    7. (optional) Select
      Create CSR
       to obtain a new certificate from a CA as the Outgoing Certificate.
    8. Select
      Extract Public Key
      , and then move the public key to the broker for validation.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal