Add a Device Certificate in Litmus Edge

a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (litmus edge instance) a device certificate for your litmus edge instance is not required as the connection is already secured with an automatically generated self signed certificate refer to the self signed certificates and device certificates sections in certificates docid\ zeytjuaxxup4zur715b4m for more information ssl certificate workflow at a manufacturing plant, you need to ensure secure communication between any industrial devices you can follow the steps below to add it to our litmus edge system this will help you maintain a secure connection and protect sensitive data within your manufacturing environment refer to the image and descriptions below to review the process of adding an ssl certificate to litmus edge (le) or litmus edge manager (lem) step 1 you will need to request an ssl certificate from your it team step 2 your it team will make a request for the ssl certificate from a certificate authority (ca) (for example, digicert) step 3 the ca will return the following to your it team the root ca certificate file any required intermediate certificates the ssl certificate file step 4 the it team will send you the following the root certificate file any required intermediate certificates the ssl certificate file the private key file step 5 you will apply the following in either litmus edge (see steps below) or litmus edge manager (see domain/ssl docid\ mc8z1bk3ywckqq4 kupcv ) the ca chain file (root ca file and all intermediate certificates) the ssl certificate the private key file you can add a device certificate in litmus edge by navigating to system > certificates before you begin before you complete the steps below, make sure you do the following verify you have admin credentials for litmus edge have access to a linux system verify that the the certificate you upload is an nginx certificate submit the certificate signing request in litmus edge to a certificate authority and subsequently receive the device certificate with all required parameters (ca chain and private key) see manage certificate signing requests docid\ p8x986xuqkwputshgqp7y for details confirm with your it department if you require a custom ca certificate to be uploaded to litmus edge before you add a device certificate if you need to upload a custom ca certificate, see add a custom ca certificate docid\ ontddyozqbazxdr1y6j 3 for details step 1 create a backup of your device you will first need to create a backup of your device in case you need to recover its configuration settings follow the steps to back up a device docid\ cvfmqxzrvcrroua9avjse step 2 generate key certificates you will need to collect the following parameters to create the device certificate ssl certificate the public key certificate associated with the device certificate you will receive the ssl certificate from the certificate authority after submitting the litmus edge certificate signing request ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private key the private key certificate associated with the device certificate you will receive the private key from the certificate authority after submitting the litmus edge certificate signing request to successfully submit the private key, ensure the following the private key is an rsa private key if the private key is not rsa, you will need to convert it using openssl you can use the following command openssl rsa in \<old file name> out \<new file> the private key is not encrypted if the private key is encrypted, follow up with your it department to decrypt it the steps below are an example to generate certificates locally you can obtain them from your organization’s it department note this action must be performed in a linux system outside litmus edge to generate key certificates log in to a linux system enter the following command docker run name servercerts v /users/projects/docs/data/certificates/cert /certs e ca expire=365 e ssl expire=365 e ssl key=server key pem e ssl cert=server cert pem e ssl csr=server csr e ssl subject=localhost paulczar/omgwtfssl open the private key file in an editor of your choice to check if the key file is rsa the first line should look like this \ begin rsa private key step 3 add the device certificate you will now need to add the device certificate in litmus edge to add a device certificate navigate to system > network click the certificates tab from the device certificates section, click the add icon the add certificates dialog box appears for ssl certificate , ca chain , and private key fields, do one of the following click the upload icon and select the certificate/key file paste the certificate/key into the field click submit step 4 restart the system the final step is to restart the system and verify the certificate appears in the certificates pane to restart the system from the certificates pane, navigate to system > device management the device management pane appears from the manage section, click reboot the system reboots once the system has restarted, log in and navigate to system > network > certificates verify the certificate appears