Certificates

Certificates can be viewed under Settings. Certificates are used to encrypt and validate connections to other systems (Ex. connecting via TLS to and MQTT broker or OPC UA server). This section covers how to create and manage certificates.

Certificates are commonly used to secure communications and authenticate clients. An example is using certificates with the MQTT connector to send and receive data from AWS IoT Core. In this case, the self-signed certificate for AWS is used to secure the connection and AWS provides a public and private key to authenticate the hub. Use the steps in the preceding sections to import certificates into the hub and use them in connectors.

HighByte Intelligence Hub may automatically generate some certificates/keys on your behalf (e.g, app-certificate* are application instance-specific certificates used by OPC UA connections). You may replace these with your own certificates and keys according to your organization’s IT policies.

Add a Certificate

Navigate to Settings > Certificates in the configuration’s Main Menu. Here you can add, edit, and view certificates.
Certificate aliases can be edited on the Certificate details page, any other changes to the certificate would require a new entry. When an alias is updated, references to the certificate do not update and would need to be saved with the new alias.
To add a certificate, click the New Certificate button.

Choose the upload format you want to use and click the Set Import Entries button:

Import Type	Description
PEM (File)	Supports both text-based uploads of certificates and keys.
PEM (Text)	Supports both file-based uploads of certificates and keys.
PKCS12	Supports upload of `.p12` or `.pfx` bundled certificate/key files.

Enter the certificate details and click the Import button. Required details vary on the Import Type as listed in the sections below.

PEM (File)

Setting	Description
Alias	Name to identify the certificate and certificate chain/private key within the system.
Certificates File	Supports X.509 certificates
Private Key File	Supports Private keys in PKCS#1 or PKCS#8 formats
Password	Provide a password if your certificate or key is encrypted.

PEM uploads support uploading certificate chains. All uploaded certificate chains must have an accompanying private key and must be ordered according to signing order. This means the Root certificate or the certificate closest to the root, must be placed first in the chain.

PEM (Text)

Setting	Description
Alias	Name to identify the certificate and certificate chain/private key within the system.
Certificates File	Paste the contents of your certificate directly into the field.
Private Key File	Paste the contents of your private key directly into the field.
Password	Provide a password if your certificate or key is encrypted.

Certificates should begin with -----BEGIN CERTIFICATE-----.

Private keys should start with either-----BEGIN RSA PRIVATE KEY-----,-----BEGIN PRIVATE KEY-----, or-----BEGIN ENCRYPTED PRIVATE KEY-----, depending on format.

PKCS12

Setting	Description
PKCS12 File	The file may be one or more certificates and certificate chain/private key combinations.
Password	Provide a password if your certificate or key is encrypted.