Certificates


Certificates can be viewed under Settings. Certificates are used to encrypt and validate connections to other systems (e.g., connecting via TLS to an MQTT broker or OPC UA server). This section covers how to create and manage certificates.

Certificates are commonly used to secure communications and authenticate clients. An example is using certificates with the MQTT connector to send and receive data from AWS IoT Core. In this case, the self-signed certificate for AWS is used to secure the connection and AWS provides a public and private key to authenticate the hub. Use the steps in the preceding sections to import certificates into the hub and use them in connectors.

Add a Certificate

  1. Navigate to Settings > Certificates in the configuration’s Main Menu. Here you can add, edit, and view certificates.
    To add a certificate, click the New Certificate button.

NOTE: HighByte Intelligence Hub may automatically generate some certificates/keys on your behalf
(e.g., app-certificate* are application instance-specific certificates used by OPC UA connections).
You may replace these with your own certificates and keys according to your organization’s IT policies.

  2. Choose the upload format you want to use:
    • PEM: Supports both text and file-based uploads of certificates and keys.
    • PKCS12: Supports upload of .p12 or .pfx bundled certificate/key files.

Upload Selector

  3. For PEM uploads, choose how you’d like to provide your certificate and key:

    • Text: Paste the contents of your certificate and private key directly into the provided fields.
    • File: Upload individual certificate and key files.

    Supported formats include:

    • X.509 certificates
    • Private keys in PKCS#1 or PKCS#8 formats

    Example:

    • Certificates should begin with -----BEGIN CERTIFICATE-----.
    • Private keys should start with either -----BEGIN RSA PRIVATE KEY-----, -----BEGIN PRIVATE KEY-----, or -----BEGIN ENCRYPTED PRIVATE KEY-----, depending on format.

PEM File Upload

NOTE: PEM uploads support uploading certificate chains. All uploaded certificate chains must have an accompanying private key and must be ordered according to signing order. This means the Root certificate, or the certificate closest to the root, must be placed first in the chain.

  4. For PKCS12 uploads:
    • Upload the .p12 or .pfx file, which may contain one or more certificates and certificate chain/private key combinations.

PKCS12 Upload

  5. (Optional) Provide a password if your certificate or key is encrypted.
    This applies to both PKCS#8 and PKCS#12 uploads.

  6. Enter an Alias to identify the certificate and certificate chain/private key within the system. This only applies to PEM uploads.
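
The following pre-upload check is an added example, not HighByte code. It inspects PEM-encoded text against the block types, private-key requirement, and password guidance described in the steps above. The function name, messages, and sample body are assumptions made for illustration, and the check does not verify chain order or signatures.

```python
import base64
import binascii
import re

# Block labels this page lists as accepted for text/file uploads.
SUPPORTED = {"CERTIFICATE", "RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def check_pem_upload(text):
    """Pre-upload sanity check (hypothetical helper); returns (summary, problems)."""
    summary = {"certificates": 0, "private_keys": 0, "password_needed": False}
    problems = []
    for label, body in PEM_BLOCK.findall(text):
        if label not in SUPPORTED:
            problems.append(f"{label}: block type not listed as supported")
            continue
        if label == "CERTIFICATE":
            summary["certificates"] += 1
        else:
            summary["private_keys"] += 1
        if label == "ENCRYPTED PRIVATE KEY":
            summary["password_needed"] = True
        if "Proc-Type:" in body:
            # Legacy OpenSSL-style encryption of a PKCS#1 key; the page documents
            # passwords only for PKCS#8 and PKCS#12, so flag it for review.
            problems.append(f"{label}: legacy encrypted PEM, password use not documented")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # every listed format is a DER SEQUENCE
            problems.append(f"{label}: body is not a DER SEQUENCE")
    if summary["certificates"] == 0:
        problems.append("no certificate block found")
    elif summary["private_keys"] == 0:
        problems.append("certificate chain has no accompanying private key")
    return summary, problems

# Constructed placeholder body (a 5-byte DER SEQUENCE), not a real certificate or key.
SAMPLE_BODY = base64.b64encode(b"\x30\x03\x02\x01\x00").decode()

def pem(label, body=SAMPLE_BODY):
    """Wrap a body in BEGIN/END lines to build constructed test input."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

if __name__ == "__main__":
    print(check_pem_upload(pem("CERTIFICATE") + pem("ENCRYPTED PRIVATE KEY")))
    print(check_pem_upload(pem("CERTIFICATE") + pem("EC PRIVATE KEY")))
```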