cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - Want the oppurtunity to discuss enhancements to PTC products? Join a working group! X

Can IoT Gateway MQTT Client use Intermediate Certification Authorities?

MS_10757448
4-Participant

Can IoT Gateway MQTT Client use Intermediate Certification Authorities?

Hi,

 

I am trying to set up an MQTT Client Agent but I cannot get it to recognize the server certificate.

If I disable SSL on the server side and change the MQTT broker URL to "tcp" it connects without issue.

 

I have checked this instruction:

https://learningconnector.ptc.com/tutorial/1651056322726/manage-iot-gateway-certificates?source=search

 

It seems to emphasize that you should put the certs in "Trusted Root Certification Authorities", we have our certs as "Intermediate Certification Authorities", could this be the issue?

We use Thingworx Kepware Server 6.13.

Thankful for any help.
/BR Martin Siverbäck

ACCEPTED SOLUTION

Accepted Solutions

@MS_10757448

 

The MQTT Client uses the Windows cert store for authentication purposes.  The intermediate certificate would need to placed in the computer-level, trusted certificate store. Please take a look at the Kepware knowledge base article in the following link for instructions on how to configure the certificate:

 

Article - CS287282 - How to Configure a Self-Signed Certificate for the IoT Gateway in KEPServerEX / ThingWorx Industrial Connectivity (ptc.com)

 

Thanks,

 

*Chris

View solution in original post

2 REPLIES 2

@MS_10757448

 

The MQTT Client uses the Windows cert store for authentication purposes.  The intermediate certificate would need to placed in the computer-level, trusted certificate store. Please take a look at the Kepware knowledge base article in the following link for instructions on how to configure the certificate:

 

Article - CS287282 - How to Configure a Self-Signed Certificate for the IoT Gateway in KEPServerEX / ThingWorx Industrial Connectivity (ptc.com)

 

Thanks,

 

*Chris

MS_10757448
4-Participant
(To:cmorehead)

Hi,
Thank you, sorry for the delay, I have not yet investigated what I am allowed to do on my server.

From a windows perspective this already works (with parts of the trusted cert store being in the Intermediate store), I can curl without cert issues for example but I understand that I need to move some stuff between the trust stores for this to work.

/BR Martin

Announcements


Top Tags