Certificate overview

The Industrial Edge Device (IED) includes a gateway that serves endpoints for UI or API interaction, which can be accessed by a browser or other clients. To secure communication concerning authenticity and integrity, the gateway uses TLS (Transport Layer Security). TLS is ensured through certificates, which must also be managed on the IED.

During the onboarding process, the IED automatically generates a TLS certificate bound to its specific IP address. To enable secure access, the client (e.g., browser or operating system) must trust this certificate. This typically involves importing the generated certificate into the local trust store.

To simplify trust management and reduce manual steps, you can replace the default certificate with one signed by either:

• Public Certificate Authority (CA)
• Private Enterprise Root CA

The IED connects to IEM, which may use certificates signed by a private CA. To establish trust, the Root CA of IEM is provided via the config file during the onboarding step. It can also be manually updated in the IED UI if needed.

For details, see:

• How to Update the IED's Gateway Certificate
• How to Update the Trust Store