Managing trusted certificates
Cumulocity allows devices to connect via MQTT protocol using a X.509 certificate for authentication. To do so, a certificate must be trusted by Cumulocity. A certificate is trusted when it is added to the trusted certificates and is in activated state.
Click Trusted certificates in the Management menu in the navigator.
All certificates owned by the tenant will be displayed.
The Status column indicates if the certificate is enabled or disabled. At any given time a tenant can have any number of enabled or disabled certificates. Expand a certificate by clicking the arrow icon at the right to view more details.
The information in the table at the right side is extracted from the provided certificate. The content is read-only and cannot be changed.
To add a certificate
Before adding a new trusted certificate, make sure that:
- It is a X.509 certificate in PEM format.
- It is in version 3.
- It contains
BasicConstraints:[CA:true]
. - It has not already been uploaded to Cumulocity.
- It is still valid (not expired).
To add a certificate perform these steps:
- Click Add trusted certificate at the right of the top menu bar.
- In the resulting dialog box, provide the following information:
Field | Description |
---|---|
Certificate name | User-provided name for the certificate. This name is not used by Cumulocity and can serve as a description of the certificate. |
Certificate | File containing the certificate in PEM format. Add the file by dropping it into this field or browsing for it in your file system. |
Auto registration | If selected, new devices which use a certificate signed by the authority owning this trusted certificate will automatically be registered. The option does not support devices using the LWM2M protocol. |
Enabled/ Disabled | When disabled, devices which use a certificate signed by the authority owning this certificate, will not be able to connect. |
- Click Add Certificate to validate and save the certificate.
To edit a trusted certificate
In the detail view of a certificate you may change the parameters on the left, that is, the certificate name, and the settings for the auto registration and enabled/disabled option.
For details on the fields, see the description on adding certificates above.
To delete a trusted certificate
To permanently delete a certificate from the trusted certificates list, click the delete icon at the right of the respective entry and in the context menu click Delete. The certificate will be permanently deleted.