Demonstration: Ingest Data Through a Connector Using Certificate-Based Authentication

We create a connector and ingest data for an asset that connects through it. We create the connector's leaf certificate and use it to authenticate with the IoT server. We use the MQTTS protocol to publish data.

The IoT server traces the certificate chain to the validated root certificate and allows data ingestion for the asset.
  1. Use the Create Connector option to create a connector from the Menu > Settings > IoT Organizations > Organization Name > Device Connections > Connectors page.


    Connectors Page: Create Connector


    Create Connector Dialog

    We create a Network Server connector here. You could also create a gateway connector.


    Connector Details dialog

    We specify a connector Name (Connector1) and External ID (myconnector). We choose Client Certificate authentication. The External ID of the connector is used as the Common Name for client certificate authentication. When creating a leaf certificate for the connector, we must use the same common name.

  2. Create the asset type.


    Asset Type Editor with Sensor Attributes

    We create an asset type, Env_Sensor, with sensor attributes for temperature and pressure.

  3. Create an asset for the asset type, and set the data source for the sensor attributes to Direct.


    Asset Editor

    We create an asset, Env_Sensor2, for the asset type, and set the Data Source value for the sensor attributes Temp and Pressure to Direct.

  4. Set the Direct Data Source Options for the asset in the Asset Editor.


    Menu: Data Source Options


    Asset Sensor Attribute Data Source Options

    We configure the asset sensor attributes to use the connector that we created. We specify an external ID, sensor2, to identify the sensor device in the MQTT topic.

  5. Create the certificate hierarchy in IoT and create the leaf certificate for the connector.

    We create an intermediate certificate for the verified root certificate and upload it to the IoT server. Next, we create a leaf certificate with the intermediate certificate as its parent. The leaf certificate uses the common name of the connector. The leaf certificate is used by the connector when connecting to the IoT server to send data for the asset.

    1. Create an intermediate certificate for the verified root certificate.

      We run the gencert.sh utility to generate the intermediate certificate:

      ./gencert.sh intermediate intermediate-common-name --parent parent-common-name


      Generate intermediate certificate using gencert

      We use the common name SFOunit for the intermediate certificate and create it under the verified visioncorp root certificate.

      The tool generates files, such as the intermediate certificate file (SFOunit-cert.pem) and the private key (SFOunit-key.pem) under the certs\visioncorp\SFOunit directory.


      Intermediate Certificate Files

    2. Upload the intermediate certificate to the IoT server.


      Upload Intermediate Certificate

      We upload the certificate from the Settings > Security > Certificates page.


      Dialog box for uploading intermediate certificate

      We specify a name and description for the certificate and upload the SFOunit-cert.pem certificate file.


      Uploaded Intermediate Certificate

      The uploaded intermediate certificate appears on the Certificates page under the root certificate. Note that the SFOunit certificate is already verified, as it was created under the verified root certificate.

    3. Create a leaf certificate for the connector.

      We run the gencert.sh utility to generate the leaf certificate:

      ./gencert.sh leaf leaf-common-name --parent parent-common-name


      Use gencert utility to generate leaf certificate

      Note that the common name for the connector leaf certificate (myconnector) is the same as the external ID that we specified for our connector. The leaf certificate is created with the intermediate certificate as its parent.

      The tool generates files, such as the leaf certificate file (myconnector-cert.pem) and the private key (myconnector-key.pem) under the certs\visioncorp\SFOunit\myconnector directory.


      Leaf Certificate Files

      We use the leaf certificate of the connector when sending data for the IoT device connected through the connector.

  6. Generate a sample schema for the asset from the Asset Inventory page.


    Asset Inventory Page: Generate Sample Schema


    Sample payload schema for Env_Sensor2

    We choose a JSON schema and the MQTTS (PUB) protocol. We select the asset and choose to generate a sample payload for all its sensor attributes. The sensor ID is included in the endpoint topic here, but you could also choose to include it as part of the payload. We generate a sample schema for a single measurement.

    When sending data, say using MQTT Explorer, copy the host, topic, and payload from the Sample Schema dialog. Use the connector leaf certificate to authenticate. Edit the payload, as required.

  7. Send data for the device connected through the connector using an MQTT client.


    MQTT Connection Dialog

    We use the host info that we copied from the sample schema dialog. Make sure that the encryption switch is ON, and use the secure port 8883.


    MQTT Connection: Upload Leaf Certificate and Key

    We upload the connector leaf certificate and key under the Advanced section. If you were using a directly connected device, you would use the leaf certificate for the device itself.


    MQTT Topic and Payload Details

    Once connected to the IoT server, we use the topic and payload information copied from the Sample Schema dialog. We edit the payload values as necessary, and publish.

  8. Verify that the published data appears in Operations Center.


    Published Asset Data appears in Operations Center
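
A scripted equivalent of the step 7 publish, added here as an example and not part of the product documentation: it opens a TLS connection on port 8883 with the connector leaf certificate and key, then sends a minimal MQTT 3.1.1 CONNECT and QoS 0 PUBLISH using only the Python standard library. The host, topic and payload keys are placeholders to be copied from the Sample Schema dialog, and using the connector External ID as the MQTT client ID is an assumption.

```python
import json
import socket
import ssl
import struct

def _varlen(n):
    """MQTT 'remaining length': 7 bits per byte, high bit means more bytes follow."""
    out = bytearray()
    while True:
        n, low = divmod(n, 128)
        out.append(low | (0x80 if n else 0))
        if not n:
            return bytes(out)

def _utf8(s):
    raw = s.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw  # 2-byte length prefix

def connect_packet(client_id, keepalive=60):
    # MQTT 3.1.1 CONNECT, clean session, no username/password:
    # the TLS client certificate is the only credential.
    body = _utf8("MQTT") + bytes([4, 0x02]) + struct.pack("!H", keepalive) + _utf8(client_id)
    return b"\x10" + _varlen(len(body)) + body

def publish_packet(topic, payload):
    body = _utf8(topic) + payload  # QoS 0: no packet identifier
    return b"\x30" + _varlen(len(body)) + body

def tls_context(cert_file, key_file, ca_file=None):
    # Server certificate and hostname checks stay enabled (the default).
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)  # leaf cert + key
    return ctx

def publish(host, topic, payload, cert_file, key_file, client_id, port=8883):
    ctx = tls_context(cert_file, key_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(connect_packet(client_id))
            ack = tls.recv(4)  # CONNACK: 0x20 0x02 <flags> <return code>
            if len(ack) != 4 or ack[0] != 0x20 or ack[3] != 0:
                raise ConnectionError("CONNECT not accepted: " + ack.hex())
            tls.sendall(publish_packet(topic, json.dumps(payload).encode("utf-8")))
            tls.sendall(b"\xe0\x00")  # DISCONNECT

# Usage (HOST, TOPIC and the payload keys are placeholders; the client_id
# value is an assumption):
# publish("HOST", "TOPIC", {"Temp": 21.5, "Pressure": 1012},
#         "myconnector-cert.pem", "myconnector-key.pem", client_id="myconnector")
```

A TLS handshake failure or a nonzero CONNACK return code means the connection was not accepted; the first things to check are that the leaf certificate's common name matches the connector External ID and that its parent intermediate certificate has been uploaded.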