Industrial OT Server

you can set up an mqtt server through devicehub that supports mqtt generic and mqtt ssl v 5 authentication options you can configure the server with the following authentication options when connecting to clients when configuring the server, can select to enable only mqtt , only mqtt ssl , or both mqtt and mqtt ssl you have the option of adding user credentials or mutual tls authentication to existing authentication configurations learn more about docid\ ka6 o76wr7o2kwbw jf53 when considering authentication options, keep the following in mind you can't use any certificates used for your manufacturing connect edge instance for server authentication the automatically generated self signed certificates may not be compatible with third party hostname verification if using your own ca chain, the client connecting to the server needs to be configured to trust the server or one of the server's cas (certificate authorities) if the certificate files have no hostname defined, then you may need to disable hostname checking in the client to connect successfully to the server user credentials if you enable the user password option, the client will have to provide a username and password to connect to the server no tls authentication when you enable the enable mqtt option, no authentication will be used to connect the client to the server tls authentication using server self signed certificates when you enable the enable mqtt ssl option, you have the option of using the automatically generated self signed certificates for the server copy and paste the self signed server certificate and server private key in the appropriate certificate files when configuring the client you can also use your own self signed certificates by replacing the automatically generated ones if you'll be using your own certificates, you'll need to replace the server certificate and server private key in the server configuration tls authentication using ca chains when you enable the enable mqtt ssl option, you can replace the automatically generated self signed certificates with your own ca chain you will need to replace the self signed server certificate and server private key in the server configuration by copying and pasting or uploading the files in the server certificate field, paste or upload the appropriate server "leaf" certificate associated with the ca chain mutual tls authentication when you enable the enable mqtt ssl option, you can also enable the require client certificate option this provides two way authentication between the server and client you will need to paste or upload the client certificate in the certificate authority field for the server step 1 add mqtt server to devicehub to add the mqtt server to device hub in manufacturing connect edge, navigate to devicehub click add new device for driver type , select mqtt then, for driver name , select mqtt server enter a name for the server optionally, add a description configure the server with the following options you can select to enable only mqtt, only mqtt ssl, or both mqtt and mqtt ssl user password you can enable a required username and password for the client to connect to the server if you enable this option, update the default values as needed for user and password mqtt the mqtt generic option connects the server and client with no authentication if you enable this option, configure the port and interface mqtt port the default port is 1883 mqtt interface the default value 0 0 0 0 means the server listens to all interfaces if needed, update to a specific network interface mqtt ssl the mqtt ssl option allows the client to connect to the server by providing the client configuration with certificates learn more about docid\ ka6 o76wr7o2kwbw jf53 if you enable mqtt ssl, configure the following parameters please review the authentication options section mqtt ssl port the default port value is 8883 mqtt ssl interface the default value 0 0 0 0 means the server listens to all interfaces if needed, update to a specific network interface server certificate a self signed certificate is automatically generated when configuring the mqtt client, copy and paste this value in the certificate file if you are using your own certificate, replace the self signed certificate by copying and pasting or uploading the certificate file server private key a self signed private key is automatically generated when configuring the mqtt client, copy and paste this value in the private key file if you are using your own certificate, replace the self signed certificate by copying and pasting or uploading the certificate file require client certificate if enabled, you will need to provide the client certificate that will be used by the server to authenticate the client paste or upload the certificate in the certificate authority field advanced if you select show , use the min tls version drop down list to select the minimum version of tls to use for authentication additional options see the docid\ nm1lqfefya dsiffitity section to learn more about additional options when done configuring the device, click add device note the server will show a disconnected status until an mqtt client connects to the server step 2 connect mqtt client once you set up the server in devicehub, you can connect an mqtt client to the server note you can't connect the devicehub docid 7hejhtcc7oxfd6zkf1b8o to the mqtt server if they are using the same manufacturing connect edge instance this includes connecting through the flows manager or through an integration connector if they are using different manufacturing connect edge instances, they can connect when connecting the client, configure the following host enter the ip address or domain name of your manufacturing connect edge instance for example, if your manufacturing connect edge instance ip address is https //192 168 0 26, enter mqtt //192 168 0 26 port if connecting to mqtt generic, enter port 1883 or the port specific to your configuration if connecting to mqtt ssl, enter port 8883 or the port specific to your configuration username if user password is enabled, enter the user value password if user password is enabled, enter the password value ssl authentication if mqtt ssl is enabled, copy the server certificate and server private key values from the mqtt server configuration and paste them into the appropriate certificate files then, upload the files as needed in the client configuration step 2 add tags once the client has published topics, you can add tags to the server based on the published topics follow the steps to docid\ olxxodrwnlm ikp2gps 4 to the server the tags will be used as topics to receive data from mqtt clients