How to update Bundled SSL certificate in Cumulocity Edge

Overview

SSL needs to be updated in the IoT edge platform at regular intervals of time in case the certificate needs to be renewed. Uploading only a public SSL certificate can throw an SSL certificate error as per the below screenshot.

Root + Intermediate and public SSL certificates should be added altogether to Edge Server to solve the certificate chain issues.

Steps to create SSL bundled certificate

  1. Upload the root, intermediate and public certificate to any shell script-based server.

  2. Bundled the certificate using as
    Cat ‚Äúpublic certificate‚ÄĚ ‚Äúintermediate certificate‚ÄĚ ‚Äúroot certificate‚ÄĚ > ‚Äúbundled certificate‚ÄĚ

    Example
    Below is the SSL certificate used in IOT edge

    server certificate - example.com.crt
    Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
    Intermediate CA Certificate - USERTrustRSAAAACA.crt
    Root CA Certificate - AAACertificateServices.crt
    

    Bundled certificates can be created as below.

    cat example.com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAAACA.crt AAACertificateServices.crt > ca-bundle.crt

Follow the below link for Updating the SSL certificate to IOT edge.

https://cumulocity.com/guides/edge/configuration/#updating-ssl-certificate

2 Likes