Certificates

the certificates pane is used to store certificates locally in manufacturing connect edge self signed certificates when your instance of manufacturing connect edge boots up for the first time, a self signed certificate is automatically created because the certificate generated by manufacturing connect edge is self signed, web browsers detect that the certificate is not formally approved by a certificate authority that is why you will get browser warnings that the connection is not private/secure see browser access restrictions docid\ ofngqwg3rd3gj1ymg24b9 for more information despite these warnings, all communication through manufacturing connect edge and manufacturing connect is done through https , which means it's encrypted end to end and the connection is always secure manufacturing connect edge gives you the option to upload certificates and copy device public keys as required by your organization device certificates a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (manufacturing connect edge instance) if required by your organization, you can replace the self signed certificate generated by manufacturing connect edge with your own device certificate when you upload a device certificate, the connection to the device is validated as a secure connection for details on uploading a device certificate, see add a device certificate docid\ t uhcszv8vcnzscduovtc device certificate use cases you are not required to upload a device certificate for your instance of manufacturing connect edge, but your organization may decide to upload one for the following use cases your organization's it policies require proper signed certificates for your manufacturing connect edge instance your organization requires a domain name and any respective certificates to be attached to your manufacturing connect edge instance device certificate requirements the certificate you upload must be an nginx certificate when uploading a device certificate, you will need to provide the following parameters ssl certificate the public key certificate associated with the device certificate ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private rsa key the private key certificate associated with the device certificate reset device certificates you have the option of using the reset to self signed device certificate function for device certificates this replaces the existing certificate with the automatically generated self signed one and creates a new expiry date for the certificate before you reset the certificate, verify that any system communicating with manufacturing connect edge will not be negatively affected, as this invalidates all active ui sessions and the receiving of data from external sources custom ca certificates a ca certificate is a digital certificate issued by a certificate authority (ca) the ca certificate allows valid and secure connections between manufacturing connect edge and other systems learn more about certificate authorities from wikipedia to create a valid and secure connection between manufacturing connect edge and manufacturing connect, a custom ca certificate needs to be generated to complete this specific task, see activate an edge device docid 5pzx61w 1kwn6shobesfg for details to upload a custom ca certificate not related to validating communication between manufacturing connect edge and manufacturing connect, see add a custom ca certificate docid\ k0l iimqa7mflnvrus5qj important when uploading a custom ca certificate, make sure the file is in crt format and that x509 encoding is used custom ca certificate use cases you can upload custom ca certificates for the following use cases enable a valid connection between manufacturing connect edge and manufacturing connect by providing the manufacturing connect url as the endpoint for this specific use case, see activate an edge device docid 5pzx61w 1kwn6shobesfg for details depending on the specific requirements of your organization, upload any required certificates provided by private cas if you are using integrations to connect to cloud services, some of these services may use custom certificate authorities that are not available from the trusted ca store in the manufacturing connect edge instance in this scenario, you would need to add these ca certificates to the list of trusted custom ca certificates if you have a private docker registry, the applications marketplace refuses to connect to the registry because it is unable to validate the certificate you would then need to manually update the custom ca certificates device public keys the device public key is the manufacturing connect edge system's identity/device footprint it is not related to certificates if your organization requires public keys to be accepted, you can copy it from the device public key section identity certificates identity certificates are required when a connection between a device (manufacturing connect edge instance) and another service needs to be authenticated for example, when a connection is set up between manufacturing connect edge and manufacturing connect, an identity certificate is created that can be viewed in manufacturing connect edge manufacturing connect edge can have multiple identity certificates signed by different authorities when you create a connection between manufacturing connect edge and manufacturing connect, an identity certificate is automatically created that can't be deleted from manufacturing connect edge certificate signing requests a certificate signing request (csr) is used to apply for an ssl/tls certificate the csr contains information that the certificate authority will use to create the certificate, such as common name, organization, and country it also contains the public key that will be included in your certificate and is signed with the corresponding private key you can copy/download the certificate signing request in manufacturing connect edge and send it to a certificate authority for authorization the certificate authority can then send back a signed identity certificate you can then install this identity certificate in manufacturing connect edge see install an identity certificate docid 1xpqwwf6scz ardqeaeme and manage certificate signing requests docid\ vmh0v2bptplvnnrcnrdpf for more details access system certificates ui to access the system certificates pane log in to manufacturing connect edge from the navigation panel, navigate to system > network click the certificates tab next steps add a device certificate docid\ t uhcszv8vcnzscduovtc add a custom ca certificate docid\ k0l iimqa7mflnvrus5qj manage custom ca certificates docid\ ha31cjrlftgp ss23 1h3 install an identity certificate docid 1xpqwwf6scz ardqeaeme manage certificate signing requests docid\ vmh0v2bptplvnnrcnrdpf