TLS With Client Certificate and Token
Prerequisites
Before starting this exercise, ensure you have:
- Access to Maximo Monitor
Configure Connection Security Level
- Open
Maximo Application Suiteand selectMonitor Application - Navigate to Setup > IoT Security

- Select TLS with Client Certificate and Token as the authentication method from dropdown

- Save the configuration

- Generate CA and client certificate and keys.
- Add CA Certificate to the system

- Provide details for CA Certificate and also you can view certificate details.

- Click on Save button.
- Now you can create a DeviceType (Steps to create DeviceType) and devices (Steps to create Device).
- New device has username and password(token) is generated. Keep those username and password for future use.
-
Generate certificates for device and devicetype and add CA certificate in the system and keep client certificate and key for further device authentication. 11.1.
mkdir -p ~/work/mas/ca/simple11.2.cd ~/work/mas/ca/simple11.3.openssl genrsa -out ca.key 409611.4.openssl req -new -x509 -sha256 -days 1826 -key ca.key -out ca.crt -subj "/C=UK/ST=Hampshire/L=Winchester/O=JonTmp/CN=JonRootSimple"11.5.openssl genrsa -out jonkafkatest1.key 409611.6.openssl req -new -key jonkafkatest1.key -out jonkafkatest1.csr -sha256 -subj "/C=UK/ST=Hampshire/L=Winchester/O=JonTmp/CN=d:<deviceType>:<deviceId>"11.7.openssl x509 -req -in jonkafkatest1.csr -CA ca.crt -CAkey ca.key -out jonkafkatest1.crt -days 825 -sha256 -
Add metric and event on device type (Steps to add metric).
- Now you can use Swagger UI (Selecy
API Docs Menuand selectHTTP Messaging APIclick onView APIs) or any messaging tool like MQTTX to test device authentication using username and password. - User needs to provide username and token(password) and client certificate and client key for device authentication.
- Provide parameters and topic for device and send data.
-
Once you send data, Verify data should be shown in device recent event and data table.
Device Recent

Device Data Table

Best Practices
Security Recommendations
- Unique credentials: Each device should have unique certificate and token
- Backup procedures: Secure backup of CA keys and token
Next Steps
After configuring TLS with client certificate and token authentication:
- Review TLS With Token for simpler deployments
- Review TLS With Client Certificate or Token for flexible authentication
Related Topics: - TLS With Token - TLS With Client Certificate or Token