Add a Device Certificate

a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (manufacturing connect edge instance) a device certificate for your manufacturing connect edge instance is not required as the connection is already secured with an automatically generated self signed certificate refer to the self signed certificates and device certificates sections in docid\ ka6 o76wr7o2kwbw jf53 for more information ssl certificate workflow refer to the image and descriptions below to review the process of adding an ssl certificate to manufacturing connect edge (mcedge) or manufacturing connect (mc) step 1 you will need to request an ssl certificate from your it team step 2 your it team will make a request for the ssl certificate from a certificate authority (ca) (for example, digicert) step 3 the ca will return the following to your it team the root ca certificate file any required intermediate certificates the ssl certificate file step 4 the it team will send you the following the root certificate file any required intermediate certificates the ssl certificate file the private key file step 5 you will apply the following in either manufacturing connect edge (see steps below) or manufacturing connect (see docid\ r5mswu8zwchu2s5t33v6l ) the ca chain file (root ca file and all intermediate certificates) the ssl certificate the private key file you can add a device certificate by navigating to system > certificates before you begin before you complete the steps below, make sure you do the following verify you have admin credentials for manufacturing connect edge have access to a linux system verify that the the certificate you upload is an nginx certificate submit the certificate signing request in manufacturing connect edge to a certificate authority and subsequently receive the device certificate with all required parameters (ca chain and private key) see docid\ vmh0v2bptplvnnrcnrdpf for details confirm with your it department if you require a custom ca certificate to be uploaded to manufacturing connect edge before you add a device certificate if you need to upload a custom ca certificate, see docid\ k0l iimqa7mflnvrus5qj for details step 1 create a backup of your device you will first need to create a backup of your device in case you need to recover its configuration settings follow the steps to docid 81hszehhvdwsq0eabw1z step 2 generate key certificates you will need to collect the following parameters to create the device certificate ssl certificate the public key certificate associated with the device certificate you will receive the ssl certificate from the certificate authority after submitting the manufacturing connect edge certificate signing request ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private key the private key certificate associated with the device certificate you will receive the private key from the certificate authority after submitting the manufacturing connect edge certificate signing request to successfully submit the private key, ensure the following the private key is an rsa private key if the private key is not rsa, you will need to convert it using openssl you can use the following command openssl rsa in \<old file name> out \<new file> the private key is not encrypted if the private key is encrypted, follow up with your it department to decrypt it the steps below are an example to generate certificates locally you can obtain them from your organization’s it department note this action must be performed in a linux system outside manufacturing connect edge to generate key certificates log in to a linux system enter the following command docker run name servercerts v /users/projects/docs/data/certificates/cert /certs e ca expire=365 e ssl expire=365 e ssl key=server key pem e ssl cert=server cert pem e ssl csr=server csr e ssl subject=localhost paulczar/omgwtfssl open the private key file in an editor of your choice to check if the key file is rsa the first line should look like this \ begin rsa private key step 3 add the device certificate you will now need to add the device certificate in manufacturing connect edge to add a device certificate navigate to system > network click the certificate tab from the device certificates section, click the add icon the add certificates dialog box appears for ssl certificate , ca chain , and private key fields, do one of the following click the upload icon and select the certificate/key file paste the certificate/key into the field click submit step 4 restart the system the final step is to restart the system and verify the certificate appears in the certificates pane to restart the system from the certificates pane, navigate to system > device management the device management pane appears from the manage section, click reboot the system reboots once the system has restarted, log in and navigate to system > certificates verify the certificate appears in the certificates pane