
Certificate Manager

You can upload certificates into Insights Hub to improve the security level. Using X.509 client certificates adds an additional layer of security to MQTT. The certificate is valid for the domain of your tenant. You can access the Certificate Manager via the navigation area in Settings.

With the Certificate Manager, you can:

  • Upload and manage PEM certificates on your tenant
  • Download a PEM or CERT certificate to install on assets

Certificate requirements

The operating system assumes no responsibility for the quality of the device certificates.

When you upload a TenantCA certificate through Certificate Manager, the certificate is checked against the following requirements:

Note

For any violations, the upload request will be rejected. Users of the Certificate Manager are completely responsible for the quality of their certificates. We do not take any responsibility for the certificate management processes.

| Certificate requirement | Description |
|---|---|
| Certificate signing algorithm | The device certificate signature algorithm should be SHA2. |
| Version | The certificate version must be 2 (indicating X.509 v3). |
| Key Usage | The Key Usage extension must be present with the keyCertSign bit set. |
| Validity | The certificate should be valid for up to one year. The current date and time should be between Not Before and Not After. |
| Subject | The subject Distinguished Name (DN) is required (e.g., Customer Name (CN)=Robin Miller, Organization Unit (OU)=Unit1, Organization (O)=Siemens, Locality (L)=Erlangen, Country (C)=Germany). |
| Subject Key Identifier | A "Subject Key Identifier" extension is required. |
| Basic Constraints | A "Basic Constraints" extension is required and the Certificate Authority (CA) value must be TRUE to indicate that the Subject Type is CA. |
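
The requirements listed above can be checked locally before an upload is attempted. The following script is an added example, not part of the Insights Hub documentation or tooling; it assumes OpenSSL 1.1.1 or later and GNU date, and the function names `check_tenant_ca` and `make_sample_ca` as well as the sample CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-upload check of a CA certificate against the requirements table.
# Assumes OpenSSL 1.1.1+ and GNU date; function names and the sample CA are constructed.

check_tenant_ca() (   # subshell body keeps variables local; exit 0 = all checks pass
  pem=$1; rc=0
  fail() { echo "FAIL: $1"; rc=1; }
  txt=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) ||
    { echo "FAIL: not a readable PEM certificate"; exit 2; }
  has()   { printf '%s\n' "$txt" | grep -Eq "$1"; }
  after() { printf '%s\n' "$txt" | grep -A1 "$1" | grep -q "$2"; }

  has 'Signature Algorithm: .*(sha|SHA)(224|256|384|512)' || fail "signature algorithm is not SHA-2"
  has 'Version: 3 \(0x2\)'                    || fail "version field is not 2 (X.509 v3)"
  after 'X509v3 Key Usage' 'Certificate Sign' || fail "Key Usage lacks keyCertSign"
  has 'X509v3 Subject Key Identifier'         || fail "Subject Key Identifier extension missing"
  after 'X509v3 Basic Constraints' 'CA:TRUE'  || fail "Basic Constraints CA is not TRUE"
  subj=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
  [ -n "$subj" ] || fail "subject DN is empty"

  nb=$(date -d "$(openssl x509 -in "$pem" -noout -startdate | cut -d= -f2)" +%s)
  na=$(date -d "$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)" +%s)
  now=$(date +%s)
  { [ "$nb" -le "$now" ] && [ "$now" -le "$na" ]; } || fail "current time is outside Not Before / Not After"
  # "Up to one year" is read here as at most 366 days (assumption, allows a leap year).
  [ $((na - nb)) -le $((366 * 86400)) ] || fail "validity period exceeds one year"
  exit "$rc"
)

make_sample_ca() {   # constructed test CA; args: output dir, validity in days, CA flag (TRUE/FALSE)
  cat > "$1/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = Constructed Tenant CA
O = Example
[v3]
basicConstraints = critical,CA:$3
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Demo on a constructed certificate; for a real file run: check_tenant_ca tenant-ca.pem
d=$(mktemp -d) && make_sample_ca "$d" 365 TRUE && check_tenant_ca "$d/ca.pem" && echo "PASS: $d/ca.pem"
```

The exit status is 0 when every check passes, 1 when at least one requirement is violated, and 2 when the file cannot be parsed as a PEM certificate.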

Add new certificate

To add a new certificate to your tenant, proceed as follows:

  1. Click "Configurations" in the left navigation, select "Certificate Manager" and then click "Add certificate" in the top right corner.
  2. Enter a descriptive name.
  3. Upload the CA PEM Certificate.
  4. Upload the Verification PEM Certificate.
  5. Click "Add".

The certificate is successfully added.

Using "Broker info"

You can download a PEM or a CERT certificate using the "Broker info" tab. After downloading the broker certificate, you can install it on your asset via a USB stick, for example.

This will establish the handshake between Insights Hub and your asset, allowing your device to validate the X509 certificate.


Last update: June 13, 2024