Using Mutual TLS for Agents

You can configure protocol-mapper agents to use mutual TLS (mTLS) for secure communication with Connectware. In the following example setup, the agent connects via MQTT over a secure TLS connection (port 8883), requiring both client and CA certificates for mutual authentication. This approach ensures that both the server and the client verify each other's identities, adding an extra layer of security.

The example shows how to configure environment variables such as CYBUS_MQTT_SCHEME, CYBUS_MQTT_PORT, and USE_MUTUAL_TLS. It also explains how to mount certificates using Docker volumes to ensure secure communication between the agent and the server.

version: '2.0'
services:
    protocol-mapper-agent:
        image: registry.cybus.io/cybus/protocol-mapper:${IMAGE_TAG}
        environment:
            CYBUS_AGENT_MODE: distributed
            CYBUS_AGENT_NAME: myAgent
            CYBUS_MQTT_SCHEME: mqtts
            CYBUS_MQTT_HOST: 10.11.12.13
            CYBUS_MQTT_PORT: '8883'
            USE_MUTUAL_TLS: 'true'
        volumes:
            - protocol-mapper-agent:/data
            - /mycerts:/connectware/certs/client
            - /myca:/connectware/certs/ca
        restart: unless-stopped
        network_mode: host
        hostname: <some-suitable-hostname>
volumes:
    protocol-mapper-agent:
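
A pre-flight check to run on the host before starting the agent, added here as an example and not part of the Connectware documentation or tooling: it confirms that the client private key matches the client certificate and that neither the client nor the CA certificate is about to expire. The function name and the file names in the usage comment are assumptions, and the `openssl` CLI is required.

```bash
#!/usr/bin/env bash
# Pre-flight check for the PEM files in the host directories that the compose
# file mounts (/mycerts and /myca). File names are passed in by the caller:
# the names the agent expects inside those directories are not given here.

# check_mtls_material CERT KEY CA [MIN_DAYS]
# 0 = ok, 2 = unreadable file, 3 = key/cert mismatch,
# 4 = client cert expires within MIN_DAYS, 5 = CA cert unparsable or expiring
check_mtls_material() {
    local cert="$1" key="$2" ca="$3" min_days="${4:-7}" f cert_pub key_pub
    local secs=$((min_days * 86400))
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "unreadable: $f" >&2; return 2; }
    done
    # The private key must belong to the certificate, otherwise the TLS
    # handshake fails when the agent has to prove possession of the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match client certificate" >&2; return 3
    fi
    # An expired client certificate is rejected by the broker; an expired CA
    # certificate makes the agent reject the broker.
    openssl x509 -in "$cert" -noout -checkend "$secs" >/dev/null 2>&1 \
        || { echo "client certificate expires within $min_days days" >&2; return 4; }
    openssl x509 -in "$ca" -noout -checkend "$secs" >/dev/null 2>&1 \
        || { echo "CA certificate unparsable or expiring" >&2; return 5; }
    return 0
}

# Usage with hypothetical file names:
#   check_mtls_material /mycerts/client.crt /mycerts/client.key /myca/ca.crt 30
```

The check does not verify the certificate chain, because which CA issued the client certificate depends on the deployment.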
