SSL Configuration

Staex MCC can distribute SSL CA certificates across all nodes in a network and install them as trusted certificates on each host. This is useful for deploying internal CAs to IoT fleets or ensuring that all nodes trust the same certificate authorities.

To enable SSL certificate distribution, update the main configuration file:

1. Set ssl-install = true
2. Provide the path to your CA certificates via the ssl-certificates parameter
3. Restart the MCC service to apply changes

Certificates are distributed incrementally. Only new or changed certificates trigger updates on remote nodes; unchanged certificates are not re-sent. The distribution mechanism uses the ssl-manage-script parameter to invoke a system script that handles trust store installation on each platform.

The default management script supports most Linux distributions and macOS. On macOS, the script may trigger interactive password prompts when modifying the system keychain. If you need custom installation behavior, you can provide your own script at /usr/libexec/mcc-ssl or specify a different path via the ssl-manage-script configuration parameter.