

Use this template below to upload this root.ca.pem file to Transmission and Engine. Save this file in the same location (by default) as your cert.jks file. Return to the KeyStore Explorer application and generate the necessary root.ca.pem file. The certificate chain can be exported from an existing keystore (like the one created here) using the steps below. This requires one to acquire and upload the CA certificates that make up the certificate chain (aka. If using self-signed certificates, the required CA certificates are not known to MQTT clients by default as they would be if the certificate was generated by a real CA. Upload the keystore file created and enter the password.

Export the Certificate Chain for Client-side Use (self-signed certs only)

In the MQTT Distributor Settings, change the configuration for TLS communication from TCP to SSL.
Don't forget to enter the Password in the box just above the Java KeyStore File portion. Uncheck the box to Enable the plain TCP connection and check the box under TLS Settings to Enable the TLS port(s). On the Config → MQTT Distributor → Settings page, under the General tab, upload the keystore file. Use your browser and log in to your Central Gateway (Distributor). Note: Use of a Key Pair/KeyStore password is a constraint of the JKS file and therefore a requirement in the configuration of TLS.

Finally, give it a name and location on the filesystem and click Save:

Configuring MQTT Distributor to use a Keystore

Provide the same secure password you used for the public/private KeyPair earlier. Do so by clicking the save icon in the upper left menu: Note: Use of a Key Pair password is a constraint of the JKS file and therefore a requirement in the configuration of TLS.

At this point, you can save your KeyStore and specify a KeyStore password. So, make sure you note this password because we'll need to use it as the overall KeyStore password as well. At this point MQTT Distributor requires that the Key Pair passwords match the overall KeyStore password. You will now be asked to specify a password for the KeyPair. It will reflect the Common Name that was specified during the CSR generation and the CA: Now you will be asked to specify the alias. Click the 'Import Key Pair' icon from the KeyStore Explorer menu (the icon with two keys and a blue downward arrow).

Browse to the key and certificate files as shown below and click import: This is the public certificate and the private key that we originally generated. Pull the required components into the KeyStore starting with the public/private KeyPair. Select 'JKS' as the type as shown below. If so, follow the instructions it provides. It may ask you to modify some of your Java Security settings before starting. KeyStore Explorer can create a keystore from an existing keypair (i.e., certificates) or can generate a private keypair if desired. After installing KeyStore Explorer, open it and you should see something similar to the following. It provides an easy-to-use graphical interface for creating and manipulating Java KeyStores. It can run on Windows, OSX, or any other OS that can run Java. In this example, we'll show how it can be done using KeyStore Explorer. There are many ways to create a Java KeyStore.
Creating a Keystore using Keystore Explorer

Whether you are using a certificate issued by a trusted CA (Certificate Authority) or a self-signed certificate, internally MQTT Distributor accesses these certificate(s) via the Java KeyStore file that it is configured to use. This KeyStore must contain the public certificate, the private key, and possibly an intermediate certificate if applicable.
If possible, please upgrade to modules version 4.0.4 or higher and follow the default workflow to secure MQTT communication. NOTE: The procedure below is only applicable when running pre-4.0.4 modules. Manually configuring MQTT Distributor to consume a Java Keystore is supported and will work properly when running pre-4.0.4 modules, but it is no longer the recommended process for encrypting MQTT communication.
