User's Manual
Table Of Contents
- 1 Product description
- 2 Integration with SKF @ptitude Observer
- 3 Installation and commissioning
- 4 Maintenance functions
- 5 Product specifications
- 6 Electrical waste
- Appendix A Limited Warranty
INTEGRATION WITH SKF @PTITUDE OBSERVER
@ptitude Observer overview and prerequisites
20 (92)
SKF Enlight Collect IMx-1 System
User Manual
Revision C
Enabling TLS ensures the SKF Enlight Collect IMx-1 system including the
SKF Enlight Collect Manager app can verify it is connecting to the legitimate
@ptitude Observer Monitor server and facilitates encrypted data exchange
between them. This is enabled by default on new databases or on those
upgraded from @ptitude Observer 12.0 or earlier. When used, a TLS
certificate needs to be added to the Monitor service via Monitor Manager
(shortcut named: Monitor Service Manager).
• Listening interface: This is the network interface that Monitor will listen on
for MQTT messages. The interface is specified by its IP-address, noting that
the address entered here should always be the internal or private IP address
for the Monitor server and not its public IP address.
• Port: The port Monitor will listen to. By default, this is set to the standard TLS,
MQTT port 8883. Ensure that incoming MQTT, TCP connections to the
designated port are not blocked by a firewall and that where multiple Monitor
services are listening on that IP address, unique ports are used for each.
TLS certificate
The app to @ptitude Observer software and the gateway to @ptitude Observer
software (back-end) interfaces both support Transport Layer Security using a server
certificate and a Certificate Authority (CA) certificate stored in the back-end. The
server certificate is used when setting up the TLS connection. The CA certificate
contains information about the issuer of the server certificate and is used to ensure
that the CA can be trusted.
The server certificate can be a:
• self-signed certificate
• certificate provided by the customer’s IT department
A description of how to generate a self-signed certificate is included in the Observer
Installation manual, part number 32170700, revision Q or later.
To protect against “man-in-the-middle” attacks, the CA certificate is sent to the
gateway at gateway commissioning, via the app. This CA certificate is used by the
gateway when connecting to the back-end, to verify that the server certificate is
signed by an official CA and can be trusted.
If TLS is to be used; add the server certificate using @ptitude Observer Monitor
Manager. In Monitor Manager, right click the monitor service to which the certificate
is to be added and click “properties” or select it then use Action > Properties from the
menu or just double click it: