Kaspersky IoT Secure Gateway 100
2.0
English
Configuring the gateway  >  Configuring a connection over the MQTT protocol  >  Required actions when an MQTT broker certificate is revoked

Required actions when an MQTT broker certificate is revoked

When an MQTT broker certificate is revoked, you will need to obtain a new certificate from the MQTT broker administrator and replace the revoked certificate. If you do not do this, Kaspersky IoT Secure Gateway 100 will trust both the revoked certificate and the new certificate until the revoked certificate expires. This could lead to a situation in which a connection established over a secure channel is not actually secure.

To use a new MQTT broker certificate instead of a revoked certificate:

  1. In the /app/Core/pki/certs/transfer/mqtt/publisher directory on the HW-IDS partition of the microSD card, delete the file indicated in the trustStore parameter of the MqttPublisherSettings-0.json configuration file.
  2. In the trustStore parameter of the MqttPublisherSettings-0.json configuration file, specify the name of the new certificate file.
  3. Copy the new certificate file to the /app/Core/pki/certs/transfer/mqtt/publisher directory on the HW-IDS partition.

Article ID: 246545, Last review: May 24, 2023
Page top