Client certificate management

Owned by Finn Zirngibl
Last updated: Apr 01, 2020 by Florian Raschbichler
1 min read

Question

Must individual client certificates be imported in HiveMQ's truststore?

Answer

In production, we recommend using client and server certificates that are signed by a trusted CA or the internal CA of your company.
To create individual client certificates for IoT devices, create an intermediary from your ROOT CA and sign individual certificates with this intermediary.
Make sure that clients present the entire certificate chain on connection, this way, you only need to include your ROOT certificate in the HiveMQ truststore.

See this article.