4-Participant
August 15, 2023
Solved

Can IoT Gateway MQTT Client use Intermediate Certification Authorities?

  • August 15, 2023
  • 1 reply
  • 1695 views

Hi,

I am trying to set up an MQTT Client Agent but I cannot get it to recognize the server certificate.

If I disable SSL on the server side and change the MQTT broker URL to "tcp" it connects without issue.

I have checked this instruction:

https://learningconnector.ptc.com/tutorial/1651056322726/manage-iot-gateway-certificates?source=search

It seems to emphasize that you should put the certs in "Trusted Root Certification Authorities", we have our certs as "Intermediate Certification Authorities", could this be the issue?

We use Thingworx Kepware Server 6.13.

Thankful for any help.
/BR Martin Siverbäck

Best answer by cmorehead

1 reply

cmorehead (Answer)
13-Aquamarine
August 17, 2023

@MS_10757448

The MQTT Client uses the Windows cert store for authentication purposes. The intermediate certificate would need to be placed in the computer-level, trusted certificate store. Please take a look at the Kepware knowledge base article in the following link for instructions on how to configure the certificate:

Article - CS287282 - How to Configure a Self-Signed Certificate for the IoT Gateway in KEPServerEX / ThingWorx Industrial Connectivity (ptc.com)

Thanks,

*Chris
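
A read-only check of the point made in the answer above, added here as an example that is not from the thread or from PTC: it fetches the broker's certificate, lets Windows build its chain, and lists which computer-level and per-user Root and Intermediate (CA) stores hold each certificate in that chain. The host name and port are placeholder assumptions; run it on the machine that hosts the MQTT Client agent.

```powershell
# Added example. $BrokerHost and $Port are placeholders (assumptions), not values from the thread.
param(
    [string]$BrokerHost = 'broker.example.internal',
    [int]$Port = 8883
)

# Computer-level and per-user stores: Trusted Root (Root) and Intermediate (CA).
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
          'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA'

# Fetch the broker's leaf certificate. The callback accepts any certificate because this
# connection is used only to read the certificate; no MQTT data is sent over it.
$acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$tcp = [System.Net.Sockets.TcpClient]::new($BrokerHost, $Port)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($BrokerHost)
    $leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    $ssl.Dispose()
} finally {
    $tcp.Dispose()
}

# Let Windows build the chain for the current account; revocation is not checked here.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$built = $chain.Build($leaf)

# For every certificate in the chain, list the stores that contain it (matched by thumbprint).
$report = foreach ($element in $chain.ChainElements) {
    $cert  = $element.Certificate
    $found = $stores | Where-Object { Test-Path "$_\$($cert.Thumbprint)" }
    [pscustomobject]@{
        Subject    = $cert.Subject
        SelfSigned = ($cert.Subject -eq $cert.Issuer)
        Thumbprint = $cert.Thumbprint
        FoundIn    = ($found -join ', ')
        Status     = ($element.ChainElementStatus.Status -join ', ')
    }
}

$report | Format-List
"Chain builds for this account: $built"
$chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
```

A certificate listed only under `Cert:\CurrentUser` is visible to your account but is not in a computer-level store. `Import-Certificate -FilePath <file> -CertStoreLocation Cert:\LocalMachine\Root`, run elevated, adds a certificate to the computer-level Trusted Root store, which makes it a trust anchor for every application on that machine that relies on the store.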

4-Participant
August 24, 2023

Hi,
Thank you, sorry for the delay, I have not yet investigated what I am allowed to do on my server.

From a Windows perspective this already works (with parts of the trusted cert store being in the Intermediate store), I can curl without cert issues, for example, but I understand that I need to move some stuff between the trust stores for this to work.

/BR Martin