MQTT Distributor Certificate

Hi,

I have set up a server running Ignition 8.1.3 and I am using the MQTT Distributor Module as the MQTT Broker.
I have Groov RIO set up at another location and I have connected that one to the MQTT Distributor without any difficulties.
However, I would like to enable TLS/SSL for security. What certificate to use here?

As I understand it the MQTT Distributor Module can use the SSL Certificate applied to the Ignition Gateway from version 4.0.4 and up.
I have installed a certificate on the Ignition Gateway and everything is running over HTTPS (8043).

I have tried to use the same .crt file for the Groov RIO for the MQTT connection to the MQTT Distributor Module. However, here I get this status message on the gateway:

image1182×684 129 KB

So it looks like the MQTT Distributor is not recognizing the certificate.

Do I need to create a specific certificate for the Groov RIO? If so, how do I add that to the MQTT Distributor so that it recognises the Certificate?

I am definitely in uncharted territory so any help is much appreciated.

Is the SSL certificate installed on the Ignition Gateway hosting Distributor real-signed (e.g., Digicert CA) or self-signed (test/internal CA)? If it is real-signed, you shouldn’t need to add any additional certs at the Edge/Groov RIO as the CA should already be trusted. If the certificate is self-signed, you will need to upload the appropriate certificates that make up chain of trust (CA Root certificate and any CA Intermediate certificates) to the Edge/Groov RIO.

If this answer doesn’t help to resolve your issues, I recommend reaching out to support@cirrus-link.com so we can setup a call to review your certificate setup and configuration together.