MQTT API Authentication
In order to send data to DRIVR via the MQTT API e.g. from embedded devices, you need a device certificate, a fitting private key and the certificate of the signing certificate authority to authenticate against DRIVR.
Creation of device certificates can be done via the drivr-certificate-client
.
Alternatively, you can create a certificate signing request on your own and
pass it to the GraphQL using the createCertificate
mutation.
In this guide we will use the drivr-certificate-client
to generate a device
certificate.
- A DRIVR User API Token
- Download the latest releases from https://github.com/xcnt/drivr-certificate-client/releases/latest
- Unpack the downloaded archive e.g.
tar xf drivr-certificate-client_1.0.0_linux_amd64.tar.gz
- Put
drivr-certificate-client
somewhere on your PATH e.g.sudo install drivr-certificate-client /usr/local/bin
Request a certificate for a component or system using drivr-certificate-client
drivr-certificate-client create certificate --name <name> [--system-code <system code> | --component-code <component code>] --drivr-api <URL to DRIVR>
Example:
Requesting a certificate for a component with the code coffeemaker
on the domain cafe
drivr-certificate-client create certificate --name coffemaker --component-code coffeemaker --drivr-api https://cafe.api.drivr.cloud
Example:
Requesting a certificate for a system with the code coffeemachine
on the domain cafe
drivr-certificate-client create certificate --name coffeemachine --system-code coffeemachine --drivr-api https://cafe.api.drivr.cloud
The API token should be exported via the environment variable DRIVR_API_KEY
otherwise drivr-certificate-client
will ask you for it.
The drivr-certificate-client
will create a certificate in DRIVR and download the signed certificate.
You will find two files after drivr-certificate-client
finished:
<code>.crt
containing the device certificateprivate.key
containing the private key for the certificate
To connect to the MQTT API also the certificate authority's certificate is needed. You can download the default issuers certificate via:
drivr-certificate-client fetch ca --drivr-api <URL to DRIVR> --api-key <API token>
Example:
Downloading the certificate for the default certificate authority on the domain cafe
.
drivr-certificate-client fetch ca --drivr-api cafe.api.drivr.cloud --api-key Tk8gVEhJUyBJUyBOT1QgQSBWQUxJRCBUT0tFTgo=
The downloaded certificate will be put into ca.crt
.
API URL and key can also be exported via the environment variables DRIVR_GRAPHQL_API
and DRIVR_API_KEY
.