MQTT API Authentication

To send data to DRIVR via the MQTT API, e.g. from embedded devices, you need three things to authenticate against DRIVR: a device certificate, the matching private key, and the certificate of the signing certificate authority.

Device certificates can be created with the drivr-certificate-client. Alternatively, you can create a certificate signing request on your own and pass it to the GraphQL API using the createCertificate mutation.

In this guide we will use the drivr-certificate-client to generate a device certificate.

  1. Download the latest release from https://github.com/xcnt/drivr-certificate-client/releases/latest
  2. Unpack the downloaded archive, e.g. tar xf drivr-certificate-client_1.0.0_linux_amd64.tar.gz
  3. Put drivr-certificate-client somewhere on your PATH, e.g. sudo install drivr-certificate-client /usr/local/bin

Request a certificate for a component or system using drivr-certificate-client:

drivr-certificate-client create certificate --name <name> [--system-code <system code> | --component-code <component code>] --drivr-api <URL to DRIVR>

Example: Requesting a certificate for a component with the code coffeemaker on the domain cafe

drivr-certificate-client create certificate --name coffeemaker --component-code coffeemaker --drivr-api https://cafe.api.drivr.cloud

Example: Requesting a certificate for a system with the code coffeemachine on the domain cafe

drivr-certificate-client create certificate --name coffeemachine --system-code coffeemachine --drivr-api https://cafe.api.drivr.cloud

The API token should be exported via the environment variable DRIVR_API_KEY; otherwise drivr-certificate-client will ask you for it.

The drivr-certificate-client will create a certificate in DRIVR and download the signed certificate.

You will find two files after drivr-certificate-client has finished:

  1. <code>.crt containing the device certificate
  2. private.key containing the private key for the certificate

To connect to the MQTT API, the certificate authority's certificate is also needed. You can download the default issuer's certificate via:

drivr-certificate-client fetch ca --drivr-api <URL to DRIVR> --api-key <API token>

Example: Downloading the certificate for the default certificate authority on the domain cafe.

drivr-certificate-client fetch ca --drivr-api https://cafe.api.drivr.cloud --api-key Tk8gVEhJUyBJUyBOT1QgQSBWQUxJRCBUT0tFTgo=

The downloaded certificate will be put into ca.crt.

The API URL and key can also be supplied via the environment variables DRIVR_GRAPHQL_API and DRIVR_API_KEY instead of the --drivr-api and --api-key flags, which keeps the token off the command line.
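
Before copying the three files to a device, it helps to confirm that they belong together. The following is an added example, not part of the DRIVR documentation or of drivr-certificate-client: the helper name check_device_credentials, the 30-day expiry threshold and the owner-only permission rule are assumptions, and it requires the OpenSSL command-line tool.

```shell
#!/bin/sh
# Added example: sanity-check the files from this guide before deploying them.
# check_device_credentials is a hypothetical helper; it needs the OpenSSL CLI.
# Usage: check_device_credentials <device.crt> <private.key> <ca.crt>
# Returns 0 if every check passes, 1 otherwise (one FAIL line per problem).
check_device_credentials() {
    cert=$1; key=$2; ca=$3; rc=0

    # 1. The device certificate must chain to the CA certificate (ca.crt).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2; rc=1
    fi

    # 3. Assumed policy: reject certificates that expire within 30 days.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $cert expires within 30 days" >&2; rc=1
    fi

    # 4. Assumed policy: the key file is accessible by its owner only.
    case $(ls -ldL "$key" 2>/dev/null | cut -c1-10) in
        -r?-------) ;;
        *) echo "FAIL: $key is accessible by group or others" >&2; rc=1 ;;
    esac

    return "$rc"
}

# Run the checks when called with the three file names, for example:
#   sh check.sh coffeemaker.crt private.key ca.crt
if [ "$#" -eq 3 ]; then
    check_device_credentials "$@"
fi
```

A non-zero exit status means at least one of the files should be regenerated or fixed before the device is provisioned.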