Configuring Self-Signed Certificates for MQTT Agent
The IoT Gateway supports self-signed certificates with the MQTT agent. These agents use the Java KeyStore to manage the MQTT broker / server certificates to validate during connection establishment. Use the commands below to import, list, or delete a certificate from the KeyStore.
These instructions assume the Java keytool is installed. The default Java cacerts truststore password is “changeit”.Import certificate into the java store
sudo keytool -import -trustcacerts -keystore /usr/lib/jvm/<java_version>/lib/security/cacerts -alias <alias> -file <certificate>
List the contents of the certificate
keytool -list -keystore /usr/lib/jvm/<java_version>/lib/security/cacerts -alias <alias>
Delete the certificate
sudo keytool -delete -keystore /usr/lib/jvm/<java_version>/lib/security/cacerets -alias <alias>
The location of the Java Key Store used in the above commands may vary. Use the location appropriate for the local Java installation.
For more information about working with certificates using the Java keytool, consult the documentation found on the Oracle Java website.