Recommended Security Settings

This document describes the recommended security settings that you make on the Connection tab.

Recommended Settings

If the PCo MQTT client is running on Windows OS, the following security settings are recommended:

Recommended Settings on the Connection Tab
Field	Recommended Setting
Store Type	`Microsoft Certificate Store`
Trusted Certificates/Issuer Certificates/Rejected Certificates	For the certificates, you choose a storage location on the local computer or the current user. Note It might be the case that the certificates are not visible to the current user during runtime if you start the agent instance with different credentials. As a result, the agent instance cannot be started.
Revocation Check	`Check Online Revocation Lists`
Revocation Check Scope	`Check Entire Chain`
Ignore Server Host Name	Do not select the checkbox.
Ignore Validity Period	Do not select the checkbox.

If you want to use certificate chains for client authentication, you need to make the following settings:

You need to install all intermediate certificates in the store for intermediate certificate authorities.
You need to install all trusted root certificates in the store for trusted root certification authorities.