Connection Tab

Here you define the security-related connection data for the connection to the MQTT server.

Last Will Settings

Settings for the Last Message if Connection Interrupted
Field	Description
Topic Name	This is the name of the last message that is to be sent from the MQTT server to PCo if the connection between PCo and the MQTT server is interrupted. This message is called a last will message. If you enter something here, you can enter a message text in the Message field that you want to be sent in the following situations: The MQTT server discovers an I/O error or a network outage. The PCo client does not manage to communicate with the server within the defined keep--alive interval. The PCo client closes the network connection without first sending a DISCONNECT packet. The MQTT server closes the network connection due to a protocol error.
Message	Here you enter the message text that you want to be sent from the MQTT server to PCo if the connection is interrupted.
QoS	Quality of service: To make sure that a a sent message reaches the recipient, MQTT defines three different quality of service (QoS) levels with which a message can be sent: 0 - At Most Once When PCo receives the last message, no confirmation is to be sent to the MQTT server. 1 - At Least Once PCo sends the Publish Acknowledge Packet (PUBACK packet) to the MQTT server as soon as the last will message has arrived. 2 - Exactly Once PCo sends the Publish Received Packet (PUBREC) to the MQTT server as soon as the last will message has arrived. The server responds with the Publish Release Packet (PUBREL). PCo responds with the Publish Complete Packet (PUBCOMP).
Retain Message	By selecting this checkbox you define that the MQTT server has to store the last will message and send it to PCo, even if PCo is currently offline.

Client Certificate

Settings for the Client Certificate
Field	Description
Certificate	Here you can select a client certificate with a private key if you want to set up a secure connection (mqtts or wss). Note The client certificate is always stored in the Windows certificate store.

Certificate Folders

Settings for the Certificate Folders
Field	Description
Store Type	Here you select the store for the server certificate of the MQTT server that you want to be validated. The following types are supported: Microsoft certificate store When a connection is being established, with this setting, PCo automatically searches in the Microsoft certificate store folder for a server certificate. Recommendation If you are using PCo based on Windows OS, you need to use the Microsoft certificate store option. File system certificate store With this option, you can specify the store location for the certificates, which PCo is to trust, in the file system.
Trusted Certificates	Here you can specify the folder in which the trusted certificates are stored. If you have selected the Microsoft certificate store, this is the folder for the trusted root certification authorities. The system proposes this automatically. Example Local Computer/Trusted Publishers If you have chosen the file system certificate store, a directory is proposed in the file system with the following subfolders: certs: Folder for trusted certificates If you store a certificate from the certificate chain in this folder, this certificate is trusted in the check. The certificate is regarded as not trusted if there is no certificate from the certificate chain stored here. crls: Folder for certificate revocation lists private: Folder for private certificates that are not used for Windows If you choose Browse, a dialog box appears where you can select another folder.
Issuer Certificates	Here you can specify the folder in which the certificates of a trusted issuer are stored. If you selected the Microsoft certificate store, this is the folder for the intermediate certificate authorities. This is proposed automatically. Example Local Computer/Intermediate Certificate Authorities If you have selected the file system certificate store, a directory is proposed in the file system with the subfolder certs. This folder is used to complete the certificate chain if the server does not send the complete certificate chain.
Rejected Certificates	Here you can specify the folder in which the rejected certificates are stored. If you are using the Microsoft certificate store, select Untrusted Certificates here. Example Local Computer/Untrusted Certificates If you have selected the file system certificate store, use a directory in the file system with the subfolder certs (folder for rejected certificates).

Certificate Validation Options

Validation Options
Field	Description
Revocation Check	In this field you define how the revocation check of the server certificate is to be performed. You have the following options: No Check on Revoked Certificates No check is carried out. Check Online Revocation Lists The online check is a secure procedure but it can have a negative impact on performance. Recommendation This is the recommended setting in connection with the Microsoft certificate store. Check Offline Revocation Lists If you are using the Microsoft certificate store, you need to copy all the relevant certificate revocation lists into the Trusted Root Certification Authorities directory. If you have selected the file system certificate store, you need to copy all related certificate revocation lists as .crl files into the revocation list folder.
Revocation Check Scope	Indicates the scope of the revocation check. You have the following options: Check End Certificate Only Only the last certificate in a certificate chain is checked. Exclude Root Certificate from Check Check Entire Chain All certificates in a certificate chain are checked. Recommendation This is the recommended setting.
Ignore Server Host Name	If you select this checkbox, the check results of the server host name are not taken into consideration. During the check, a comparison is made with the domain name system (DNS) name that is included in the certificate. The DNS name is the name of a server in a domain, for example: mo-90dxxxxxx.mo.sap.corp. Recommendation SAP recommends that you do not set this indicator.
Ignore Validity Period	If you select this checkbox, you define that the validity period of the server certificate and the certificates in the certificate chain are not to be taken into consideration.

Proxy Settings


Field	Description
Proxy URI	You use this setting if you want the MQTT server to be connected using a proxy. PCo supports two types of proxy URIs: http: socks5: Example http://proxy:8083 socks5://proxy:8080
User Name	User name for the proxy (optional)
Password	Password for the proxy (optional)