Skip to content

Certificates

There are various certificates and certificate authorities (CA) generated and used in Industrial Edge:

  • IEM internal root-CA and appropriate intermediate CA are generated during the setup.
  • The certificate chain of these CAs is distributed across Industrial Edge to establish the Chain of Trust for the entire system.
  • The intermediate CA is used to create and sign default IED certificates to secure all IED public interfaces via TLS.
  • The intermediate CA is also used to create and sign default IEM certificates to secure following interfaces via TLS:
  • Container Registry Interface
  • Management UI
  • Maintenance UI
  • Customers can replace following certificates:
  • IED certificates at any time
  • IEM certificates (Container Registry Interface and Management UI) during the IEM setup

    Note
    If a private CA is used to issue the certificates, you must include the full chain from the intermediate certificate of the CA to the final root certificate.

  • The certificate chain of the custom uploaded certificate which is stored as Edge Management
  • IEDs connect to the IEM and to the Registry Interface and must trust the Edge Management root-CA (which is replaced if custom certificates are used)