Process for Validation of the Server Certificate Chain

This document describes how the certificate chain of an MQTT server is validated.

Validation Process

  1. PCo sets up the certificate chain using the certificates that the MQTT server has sent.

    The folder with the trusted certificates and the folder with the certificates of a trusted publisher are taken into account. The folder with the rejected certificates is only used for the temporary storage of rejected certificates.

  2. If the certificate chain is incomplete, the server certificate being checked is regarded as untrusted.

  3. If the certificate chain could be set up and at least one certificate in it was taken from the trusted certificates folder, the certificate is regarded as trusted for the validation.

  4. A revocation check is only performed if the certificate chain is complete and the certificate is therefore regarded as trusted.

  5. During the online revocation check, the crls folder (under the trusted certificates folder) is updated in accordance with the last certificate revocation list.
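
The decision order in steps 1 to 4, modelled as an added Python example (not PCo's own code). Assumptions: certificates are reduced to constructed subject/issuer/serial records matched by name without signature verification, a complete chain with nothing from the trusted folder counts as untrusted, the revocation check covers every chain member against a local set standing in for the crls folder, and the names `Cert`, `build_chain`, `validate` and the result strings are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # constructed stand-in; signatures are not verified here
    subject: str
    issuer: str
    serial: int

def build_chain(leaf, sent, trusted, issuers):
    """Follow issuer names from the leaf up to a self-signed root.
    Returns (chain, origins), or (None, None) when a link is missing."""
    chain = [leaf]
    origins = ["trusted" if leaf in trusted else "server"]
    current = leaf
    while current.subject != current.issuer:
        # Step 1: both local folders and the certificates sent by the server are candidates.
        for origin, pool in (("trusted", trusted), ("issuer", issuers), ("server", sent)):
            parent = next((c for c in pool
                           if c.subject == current.issuer and c not in chain), None)
            if parent is not None:
                break
        else:
            return None, None    # no issuer found anywhere: chain is incomplete
        chain.append(parent)
        origins.append(origin)
        current = parent
    return chain, origins

def validate(leaf, sent, trusted, issuers, crl):
    chain, origins = build_chain(leaf, sent, trusted, issuers)
    if chain is None:
        return "untrusted: incomplete chain"             # step 2
    if "trusted" not in origins:
        return "untrusted: nothing from trusted folder"  # assumption drawn from step 3
    # Step 4: only a complete, trusted chain reaches the revocation check.
    if any((c.issuer, c.serial) in crl for c in chain):
        return "revoked"
    return "trusted"

# Constructed sample hierarchy.
ROOT = Cert("Root CA", "Root CA", 1)
INTER = Cert("Issuing CA", "Root CA", 2)
LEAF = Cert("mqtt.example.test", "Issuing CA", 3)

if __name__ == "__main__":
    print(validate(LEAF, [INTER], [ROOT], [], set()))
    print(validate(LEAF, [], [ROOT], [], set()))
    print(validate(LEAF, [INTER, ROOT], [], [], set()))
    print(validate(LEAF, [INTER], [ROOT], [], {("Issuing CA", 3)}))
```

The third call shows why the folder of origin matters: a server that sends its own root produces a complete chain, but nothing in it comes from the trusted certificates folder.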