Overview
SSL needs to be updated in the IoT edge platform at regular intervals of time in case the certificate needs to be renewed. Uploading only a public SSL certificate can throw an SSL certificate error as per the below screenshot.
Root + Intermediate and public SSL certificates should be added altogether to Edge Server to solve the certificate chain issues.
Steps to create SSL bundled certificate
-
Upload the root, intermediate and public certificate to any shell script-based server.
-
Bundled the certificate using as
Cat “public certificate” “intermediate certificate” “root certificate” > “bundled certificate”Example
Below is the SSL certificate used in IOT edgeserver certificate - example.com.crt Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt Intermediate CA Certificate - USERTrustRSAAAACA.crt Root CA Certificate - AAACertificateServices.crtBundled certificates can be created as below.
cat example.com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt > ca-bundle.crt
Follow the below link for Updating the SSL certificate to IOT edge.
https://cumulocity.com/guides/edge/configuration/#updating-ssl-certificate