Add a Device Certificate in Litmus Edge
A device certificate (or SSL certificate) is a digital certificate that provides proof of the device's identity (Litmus Edge instance). A device certificate for your Litmus Edge instance is not required as the connection is already secured with an automatically generated self-signed certificate. Refer to the Self-Signed Certificates and Device Certificates sections in Certificates for more information.
At a manufacturing plant, you need to ensure secure communication between industrial devices. You can follow the steps below to add a device certificate to your Litmus Edge system. This will help you maintain a secure connection and protect sensitive data within your manufacturing environment.
Refer to the image and descriptions below to review the process of adding an SSL certificate to Litmus Edge (LE) or Litmus Edge Manager (LEM).
- Step 1: You will need to request an SSL certificate from your IT team.
- Step 2: Your IT team will make a request for the SSL certificate from a certificate authority (CA) (for example, DigiCert).
- Step 3: The CA will return the following to your IT team.
  - The root CA certificate file
  - Any required intermediate certificates
  - The SSL certificate file
- Step 4: The IT team will send you the following.
  - The root certificate file
  - Any required intermediate certificates
  - The SSL certificate file
  - The private key file
- Step 5: You will apply the following in either Litmus Edge (see steps below) or Litmus Edge Manager (see SSL Setting Features).
  - The CA chain file (root CA file and all intermediate certificates)
  - The SSL certificate
  - The private key file
You can add a device certificate in Litmus Edge by navigating to System > Certificates.
Before you complete the steps below, make sure you do the following.
- Verify you have admin credentials for Litmus Edge.
- Have access to a Linux system.
- Verify that the certificate you upload is an Nginx certificate.
- Submit the Certificate Signing Request in Litmus Edge to a certificate authority and subsequently receive the device certificate with all required parameters (CA Chain and Private Key). See Manage Certificate Signing Requests for details.
- Confirm with your IT department if you require a custom CA certificate to be uploaded to Litmus Edge before you add a device certificate. If you need to upload a custom CA certificate, see Add a Custom CA Certificate for details.
You will first need to create a backup of your device in case you need to recover its configuration settings.
Follow the steps to Backup a Device.
You will need to collect the following parameters to create the device certificate.
- SSL Certificate: The public key certificate associated with the device certificate. You will receive the SSL certificate from the certificate authority after submitting the Litmus Edge certificate signing request.
- CA Chain: The certificate authority's chain of certificates that validates the device certificate's public and private keys. When validating this parameter, make sure it includes all intermediate certificate authorities.
- Private Key: The private key certificate associated with the device certificate. You will receive the private key from the certificate authority after submitting the Litmus Edge certificate signing request. To successfully submit the private key, ensure the following:
  - The private key is an RSA private key. If the private key is not RSA, you will need to convert it using openssl. You can use the following command: openssl rsa -in <old_file_name> -out <new_file>
  - The private key is not encrypted. If the private key is encrypted, follow up with your IT department to decrypt it.
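A pre-upload check for the three parameters above, added here as an example and not taken from the Litmus Edge documentation. It assumes the openssl CLI is installed on the Linux system; the function names and the file names in the last comment are hypothetical.

```shell
#!/bin/sh
# Pre-upload checks for the SSL certificate, CA chain and private key files.
# Function names are hypothetical; only standard openssl subcommands are used.

# key_format FILE: classify a PEM private key by its header lines.
key_format() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted          # PKCS#8 encrypted, or legacy encrypted PEM
    elif grep -q -e '^-----BEGIN RSA PRIVATE KEY-----' "$1"; then
        echo rsa-pkcs1          # the header the page tells you to look for
    elif grep -q -e '^-----BEGIN PRIVATE KEY-----' "$1"; then
        echo pkcs8              # unencrypted, but not in RSA (PKCS#1) form
    else
        echo unknown
    fi
}

# cert_matches_key CERT KEY: true when both carry the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# precheck CERT CHAIN KEY: returns 0 when the set is ready to upload.
precheck() {
    fmt=$(key_format "$3")
    if [ "$fmt" != rsa-pkcs1 ]; then
        echo "private key is '$fmt', expected an unencrypted RSA key" >&2
        return 1
    fi
    if ! cert_matches_key "$1" "$3"; then
        echo "SSL certificate and private key do not belong together" >&2
        return 2
    fi
    # The chain file holds the root and every intermediate, so it must be
    # enough on its own to build a path from the certificate to the root.
    if ! openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo "CA chain does not validate the SSL certificate" >&2
        return 3
    fi
    echo "ok: certificate, chain and key are consistent"
}

# Run as: sh precheck.sh server-cert.pem ca-chain.pem server-key.pem
if [ "$#" -eq 3 ]; then precheck "$@"; fi
```

On OpenSSL 3.x, openssl rsa writes a PKCS#8 key (BEGIN PRIVATE KEY) unless the -traditional option is added, so run the check again after converting a key.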
The steps below are an example of generating certificates locally. Alternatively, you can obtain them from your organization’s IT department.
Note: This action must be performed on a Linux system outside Litmus Edge.
To generate key certificates:
- Log in to a Linux system.
- Enter the following command: docker run --name servercerts -v /Users/Projects/docs/data/certificates/cert:/certs -e CA_EXPIRE=365 -e SSL_EXPIRE=365 -e SSL_KEY=server-key.pem -e SSL_CERT=server-cert.pem -e SSL_CSR=server.csr -e SSL_SUBJECT=localhost paulczar/omgwtfssl
- Open the private key file in an editor of your choice to check if the key file is RSA. The first line should look like this: -----BEGIN RSA PRIVATE KEY-----
You will now need to add the device certificate in Litmus Edge.
To add a device certificate:
- Navigate to System > Network.
- Click the Certificates tab.
- From the Device Certificates section, click the Add icon. The Add Certificates dialog box appears.
- For SSL Certificate, CA Chain, and Private Key fields, do one of the following:
  - Click the Upload icon and select the certificate/key file.
  - Paste the certificate/key into the field.
- Click Submit.
The final step is to restart the system and verify the certificate appears in the Certificates pane.
To restart the system:
- From the Certificates pane, navigate to System > Device Management. The Device Management pane appears.
- From the Manage section, click Reboot. The system reboots.
- Once the system has restarted, log in and navigate to System > Network > Certificates. Verify the certificate appears.