I am using Hono for one of my projects. I have deployed the MQTT adapter, Registry-Server and Kafka through Helm.
Currently, I am authenticating the devices using username and password. I am able to create a new tenant and to register multiple devices in the tenant. I am also able to send data on the MQTT telemetry topic and to consume it through Kafka in the Java backend application.
My expected end goal: Currently, I am authenticating the devices using username and password. Username/password-based authentication is working well for me. Now I want to use certificate-based authentication.
What I have done so far to implement certificate-based authentication:
I created a tenant named “DEFAULT_TENANT” using the steps below:
Step-1: I have the certificates in the same folder where I am running this command:

    CERT=$(openssl x509 -in default_tenant-cert.pem -noout -pubkey | sed '/^---/d' | awk '{ printf "%s", $0 }')

Step-2:

    TENANT_ID=DEFAULT_TENANT
    REGISTRY_IP={{My Registry IP Here}}
    # The URL is double-quoted so that the shell expands the variables
    curl --location "https://${REGISTRY_IP}:28443/v1/tenants/${TENANT_ID}" \
      --header 'content-type: application/json' \
      --data '{
        "trusted-ca": [
          {
            "cert": "'${CERT}'"
          }
        ],
        "ext": {
          "messaging-type": "kafka"
        }
      }'

After following the above steps, I check the status of the tenant creation:

    {{My Registry IP Here}}/v1/tenants/DEFAULT_TENANT

I get the response below:

    {
      "ext": {
        "messaging-type": "kafka"
      },
      "trusted-ca": [
        {
          "id": "78d55b66-aad1-4250-971a-a20a8a8446dc",
          "subject-dn": "CN=DEFAULT_TENANT_CA,OU=Hono,O=Eclipse IoT,L=Ottawa,C=CA",
          "public-key": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdVSIdH4aebiwLpVs5Zid3RhcnfevM6Bk369eiL6o8VNEBnb21oFcqynKSQFc3gcy8vbq/jpXg3Yi+DsDC23EeA==",
          "algorithm": "EC",
          "not-before": "2023-12-01T19:23:58Z",
          "not-after": "2024-11-30T19:23:58Z",
          "auto-provisioning-enabled": false,
          "auto-provision-as-gateway": false
        }
      ]
    }

Where I got stuck:
I got stuck at device registration with certificate support. I have created the certificates for device “4711” and am trying to add this device so that it supports certificate-based authentication.

    CERT=$(openssl x509 -in device-4711-cert.pem -noout -pubkey | sed '/^---/d' | awk '{ printf "%s", $0 }')

I got the value “MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEtrF+3Bgyi25Mvj/AB3eB2MkOYttS0oN2n8pjZ2L8ZJN5KrO1pMRmk+TyrHT5BbRZYujYjycxqzzdICxk3Yi3pg==”.
I was referring to https://eclipse.dev/hono/docs/api/credentials/. There I found a way to do it using the Credentials API, but it needs the AMQP adapter to be available on Hono.
I only have the MQTT, Kafka and Registry-Server pods available in my dev environment Hono. Is there any way to do it using the Registry-Server while registering the device, or any other easy way to do it?
Expected End Goal:

    mosquitto_pub -h {{My MQTT IP Here}} -p 8883 --cert device-4711-cert.pem --key device-4711-key.pem --cafile trusted-certs.pem -t t -m '{"temp": 5}'

This should work with the provided certificate.
Thanks in advance!