on 2019 Nov 27 3:21 PM
Dear community,
currently I'm doing a small IoT use case using SAP IoT 4.0.
A small device with sensors is collecting the data (using the paho mqtt client with python) and forwarding it to a local broker (mosquitto v1.6.7) running on it, which should bridge all the messages to the SAP IoT 4.0 tenant. To achieve this I'll need TLS configured on my broker and client. Here is my question: I can create the device certificate in IoT 4.0 (containing the public and private key) and have the DigiCertGlobalRootCA certificate from SAP. But for the configuration I would also need another certificate for my local broker (so to say the server cert and key). I've tried to create another certificate (for my local broker, for the same device instance in IoT 4.0) but it failed, giving me an error (see below) on my mosquitto broker. Do you have any tips?
Once I connect my device with the certificates and key created together with the CA cert only to SAP IoT 4.0 the connection is working perfectly and sending data.
Also a bridge connection between the local broker and SAP IoT 4.0 is working by using the certificate file. The connection between client and local broker fails with two generated certificates from IoT 4.0.
1) Mosquitto error when connecting client to local broker
2) Client Python error when connecting to local broker
OpenSSL Error: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
Hi Stefan,
I would assume that the certificate you created for your local broker is only self-signed. This will most probably cause the issue.
However you can disable the verification in your Paho client using the tls_insecure_set() method.
If you set this to true it will not verify the hostname anymore and the connection should work. Unfortunately it also makes the connection vulnerable. [1]
Regards
Jan
Hello Jan,
thank you very much for your answer. I've solved this by securing the connection between client and local broker via self-signed certs. The connection between local broker and IoT 4.0 is secured via client cert and key from IoT 4.0. There was also a deeper trouble with the used Python version, because finally v3.7 doesn't support matching the server IP address against the CN field of the used certificate anymore. I had to edit my OpenSSL config and create a new cert with subjectAltName as my IP address. This way I don't need to use tls_insecure_set() on client side.
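The fix described in the reply above, as an added example that is not part of the original thread: a local CA signs a broker certificate whose subjectAltName carries the broker's IP, so a Python 3.7+ paho client can verify it with tls_set(ca_certs=...) and without tls_insecure_set(). The broker address 192.168.1.10, the output directory and the listener port are assumed values.

```shell
#!/bin/sh
# Constructed example: local CA + mosquitto server cert with an IP SAN.
# BROKER_IP is an assumed LAN address; OUT is a scratch directory.
set -e
BROKER_IP="${BROKER_IP:-192.168.1.10}"
OUT="${OUT:-$(mktemp -d)}"

make_broker_certs() {
    mkdir -p "$OUT"
    # 1. Local CA that both the broker (cafile) and the client (ca_certs) trust.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=local-mqtt-ca" \
        -keyout "$OUT/ca.key" -out "$OUT/ca.crt" 2>/dev/null
    # 2. Broker key and CSR. A CN equal to the IP is no longer enough on its own.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=$BROKER_IP" \
        -keyout "$OUT/server.key" -out "$OUT/server.csr" 2>/dev/null
    # 3. Extension file: the subjectAltName IP entry the reply added to openssl.cnf.
    printf 'subjectAltName=IP:%s\nextendedKeyUsage=serverAuth\n' "$BROKER_IP" \
        > "$OUT/san.ext"
    # 4. Sign the CSR with the local CA, applying the SAN extension.
    openssl x509 -req -in "$OUT/server.csr" -CA "$OUT/ca.crt" -CAkey "$OUT/ca.key" \
        -CAcreateserial -days 365 -extfile "$OUT/san.ext" \
        -out "$OUT/server.crt" 2>/dev/null
    # 5. Mosquitto TLS listener using the generated files (port 8883 assumed).
    cat > "$OUT/mosquitto-tls.conf" <<EOF
listener 8883
cafile $OUT/ca.crt
certfile $OUT/server.crt
keyfile $OUT/server.key
EOF
}

# Returns 0 only if server.crt chains to ca.crt and carries the expected IP SAN,
# i.e. the two conditions the client-side verification in the thread needed.
check_broker_cert() {
    openssl verify -CAfile "$OUT/ca.crt" "$OUT/server.crt" >/dev/null 2>&1 \
    && openssl x509 -in "$OUT/server.crt" -noout -text \
       | grep -q "IP Address:$BROKER_IP"
}

make_broker_certs
check_broker_cert && echo "broker cert OK: signed by local CA, SAN IP:$BROKER_IP"
```

On the client, pass `$OUT/ca.crt` as `ca_certs` to paho's `tls_set()` and connect to the IP used in the SAN; hostname verification then succeeds against the SAN entry rather than the CN.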