Connectware 1.11.0
Server Certificates

Generate and install your server certificate for secure connections.

The server certificate ensures secure connections to Cybus Connectware and must be properly maintained to avoid security issues. Regular certificate updates are necessary following Let's Encrypt renewals through certbot or when deploying self-signed certificates in your environment.

Without proper certificate configuration, users may encounter browser security warnings when accessing the Connectware Admin UI. To establish trusted communication within enterprise networks, Connectware requires server certificates that are trusted and validated by your organization's Public Key Infrastructure (PKI).

Generating the Server Certificate

The following procedure can be performed on any system with OpenSSL installed.

All certificate and key files must be in PEM format.

  1. To define the server certificate configuration, create or modify an openssl.cnf file with the following parameters. Customize the values to match your specific environment:

[alt_names]
DNS.1 = localhost
DNS.2 = server.cybus.io
DNS.3 = *.cybus.io
DNS.4 = *.dev.cybus.io
DNS.5 = a048ffe65867e4a02b615faa014e3cdb-1179064562.cybus.io
DNS.6 = *.eu-central.cybus.io
IP.1 = 127.0.0.1
IP.2 = 192.168.178.110
IP.3 = 172.17.0.1

[req]
# Options for the `req` tool (`man req`).
default_bits        = 2048
distinguished_name  = req_distinguished_name
string_mask         = utf8only
default_md          = sha256
prompt              = no

# Extension to add when the -x509 option is used.
x509_extensions     = server_cert
extensions          = server_cert
req_extensions      = server_cert

[req_distinguished_name]
countryName              = DE
stateOrProvinceName      = HH
0.organizationName       = Acme Test 002
organizationalUnitName   = Shopfloor
commonName               = Cybus Connectware Server 1

[server_cert]
# Extensions for server certificates (`man x509v3_config`).
basicConstraints = CA:FALSE
nsCertType = server
nsComment = "OpenSSL Generated Server Certificate"
subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

  2. To generate a new private key, run the following command:

openssl genrsa -out cybus_server.key 2048

  3. Store the cybus_server.key file in a secure location.

  4. Generate a Certificate Signing Request (CSR) using your private key:

openssl req -new -key cybus_server.key -out cybus_server.csr -config openssl.cnf

  5. Submit the CSR to your IT department or certificate authority.

  6. After receiving the signed server certificate, store the cybus_server.crt file in a secure location.
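
Before installing, confirm that the certificate returned by the CA belongs to your private key, covers the hostname clients will use, and has not expired. The following is an added example, not part of the Cybus documentation; the function names and the throwaway self-signed demo pair are constructed for illustration.

```shell
#!/bin/sh
# Pre-install checks for a PEM key/certificate pair (added example).
# Function names and the demo pair below are constructed for illustration.

# True only if the certificate carries the public key of the private key.
key_matches_cert() {  # usage: key_matches_cert KEY CRT
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True only if the certificate's names (wildcards included) cover the hostname.
cert_covers_host() {  # usage: cert_covers_host CRT HOSTNAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Runs all checks; prints "ok" or the first failure and returns non-zero.
check_server_cert() {  # usage: check_server_cert KEY CRT HOSTNAME
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    cert_covers_host "$2" "$3" || { echo "certificate does not cover $3"; return 1; }
    openssl x509 -in "$2" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired"; return 1; }
    echo "ok"
}

# Constructed throwaway pair (self-signed, valid one day) to exercise the checks.
make_demo_pair() {  # usage: make_demo_pair DIR
    cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
commonName = Constructed Demo Server
[ext]
subjectAltName = DNS:server.cybus.io, DNS:*.dev.cybus.io
EOF
    openssl genrsa -out "$1/demo.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$1/demo.key" -out "$1/demo.crt" -days 1 \
        -config "$1/demo.cnf" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir"
check_server_cert "$demo_dir/demo.key" "$demo_dir/demo.crt" server.cybus.io
rm -rf "$demo_dir"
```

For the files from this procedure, call `check_server_cert cybus_server.key cybus_server.crt <hostname>` with the name users type into the browser.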

Installing the Server Certificate

All certificate and key files must be in PEM format.

Installing the Server Certificate (Kubernetes)

  1. Obtain the corporate certificate (.crt) and key (.key) files from your IT department.

  2. Copy these files to Connectware's certificate volume using the following commands:

    Replace [path-to/your-key-file.key] and [path-to/your-cert-file.crt] with the absolute paths to your key and certificate files.

    Replace [namespace] with the Kubernetes namespace that hosts your Connectware installation.

kubectl -n [namespace] cp [path-to/your-key-file.key] $(kubectl -n [namespace] get pod -lapp=system-control-server -o name | sed -e 's/pod\///g'):/connectware_certs/cybus_server.key
kubectl -n [namespace] cp [path-to/your-cert-file.crt] $(kubectl -n [namespace] get pod -lapp=system-control-server -o name | sed -e 's/pod\///g'):/connectware_certs/cybus_server.crt

Installing the Server Certificate (Docker)

  1. Obtain the corporate certificate (.crt) and key (.key) files from your IT department.

  2. Copy these files to Connectware's certificate volume using the following commands:

    Replace [path-to/your-key-file.key] and [path-to/your-cert-file.crt] with the absolute paths to your key and certificate files.

# Get the container ID or name using labels
container_id=$(docker container ls -q -f "label=io.cybus.connectware=core" -f "label=com.docker.compose.service=auth-server")

# Copy the key and certificate files
docker cp [path-to/your-key-file.key] $container_id:/connectware_certs/cybus_server.key
docker cp [path-to/your-cert-file.crt] $container_id:/connectware_certs/cybus_server.crt

# Set proper ownership and permissions
docker exec $container_id chown -R root:root /connectware_certs
docker exec $container_id chmod 664 /connectware_certs/cybus_server.key
docker exec $container_id chmod 664 /connectware_certs/cybus_server.crt

After updating the certificates, restart Connectware to apply the changes.

You must also add the CA certificate to Connectware to establish the trust chain. See CA Certificates.
