Cumulocity IoT Feedback Portal
Status Clarification needed
Created by Mario Heidenreich
Created on Apr 21, 2022

Manage trusted root certificates

Edge instances are typically set up "on premise" in networks administrated by the customer. Those customers also tend to provide their own certificate structure, i.e. the root (and intermediate) certificates are self-signed by the customer's IT.

In these cases any connection to other nodes in the network via e.g. HTTPS requires these root certificates to be trusted. This can be e.g. an Integration Server with a REST API or the databroker connection to another Edge instance.

The only way right now is to import the root (and/or intermediate) certificates into the OS as described here

This requires administrative access to the VM and special OS knowledge.

In the case of microservices the whole situation gets worse, because the Docker containers manage their trusted certificates on their own. This means that there is currently no plausible way to connect microservices (including the new databroker) to an external service that has self-signed certificates.

I would like to see a "Manage trusted certificates" section in the Cumulocity Administration section similar to what we have now for device certificates. It should make it possible to manage those certificates without having to log in directly to the VM, and it should apply to the MS environment as well.
