Obtaining Auto-Generated Agent Certificate - Developer Documentation

Obtaining Auto-Generated Agent Certificate

To connect with the Insights Hub environment, each MQTT agent needs to authenticate itself with an agent certificate, which gives it a unique X509 certificate identity. MindConnect MQTT agents can request an auto-generated agent certificate using the MindConnect MQTT API.

Prerequisites

  • Insights Hub environment: Within this document, the parameter <tenantId> is the name of your Insights Hub environment.

  • Gawk: Certificate content is handled as a JSON string, so newline characters in your certificate file need to be escaped. You can use gawk to print the escaped version.

Info

Auto-Generated Agent Certificate is currently available in region europe 1.

Obtaining auto-generated agent certificate

You need to make a POST request to agentCertificates with the following JSON payload:

Info

The <TOKEN> header parameter needs to be replaced by an actual token.
The name payload parameter needs to be replaced by an actual name. This field is mandatory.
The owner payload parameter may be replaced by an owner. This field is optional.

Sample HTTP request:

POST /api/mindconnectmqtt/v3/agentCertificates HTTP/1.1
Host: gateway.eu1.mindsphere.io
Content-Type: application/json
Authorization: Bearer <TOKEN>

{
  "name": "device001",
  "owner": "somebody@some.com"
}

Sample response body:

{
"id": "01G16QJSRNKA3JD4DQE2Z7KPEK",
"name": "device001",
"agentName": "mqtt1_device001",
"owner": "somebody@some.com",
"agentId": "9eyf37799b5949099a5287a547f8e001",
"clientId": "mqtt1_device001",
"privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEAkpNm5P/3hHGKJ+ swJe9A==\n-----END RSA PRIVATE KEY-----\n",
"publicKey": "-----BEGIN CERTIFICATE-----\nMIIDWTCCAk\n-----END CERTIFICATE-----\n",
"status": "READY"
}

Storing private key and public key in separate files

The generated private key and public key are confidential. You must store them securely.

The contents of privateKey and publicKey are escaped for use in the JSON payload, with each line break written as the two characters \n. Store each value in its own file and convert the escaped sequences back into line breaks. You can use the awk command:

LINUX / WINDOWS:

awk '{gsub(/\\n/,"\n")}1' public-key.pem > public-key.txt && mv public-key.txt public-key.pem
awk '{gsub(/\\n/,"\n")}1' private-key.key > private-key.txt && mv private-key.txt private-key.key

Sample output:

  -----BEGIN RSA PRIVATE KEY-----
  MIIEpAIBAAKCAQEAt0RP2Fxxt2GUJAkpNm5P/3hHGKJ+9opB0zNnEZqp/14VYfKO
  XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  B3+jq7aqs2VIqV06Xlw7Wxs2nZ76Vrerz2DXbPc7sbCKLKFVMPcbeiQJ/hNnFMSL
  OuBGKqsu2vXgDjlgUm8Z+DxVk4/swkYdnjq180vtjJMhiUpBctJe9A==
  -----END RSA PRIVATE KEY-----
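
An alternative to the awk step, as an added example that is not part of the original documentation: it decodes the JSON response directly, checks that both fields are single unescaped PEM blocks, and creates the private key file readable by its owner only. The function names, the 0600/0644 file modes and the sample response (constructed, with placeholder key material) are assumptions; the output file names follow the awk commands above.

```python
import json
import os
import re

# Constructed sample: field names follow the page's sample response; the
# key material is a placeholder, not a real key or certificate.
SAMPLE_RESPONSE = json.dumps({
    "name": "device001",
    "clientId": "mqtt1_device001",
    "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n",
    "publicKey": "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n",
    "status": "READY",
})

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(?:[A-Za-z0-9+/=]+\n)+-----END \1-----\n?")


def pem_label(text):
    """Return the PEM label, or raise if text is not one well-formed PEM block."""
    match = PEM_RE.fullmatch(text)
    if match is None:
        # Also catches values that still contain a literal backslash-n.
        raise ValueError("value is not a single, unescaped PEM block")
    return match.group(1)


def write_new_file(path, text, mode):
    """Create path with the given mode; O_EXCL refuses to reuse an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(text)


def store_agent_credentials(response_text, out_dir):
    """Split the response into private-key.key (0600) and public-key.pem."""
    body = json.loads(response_text)  # JSON decoding turns \n escapes into newlines
    key, cert = body["privateKey"], body["publicKey"]
    if not pem_label(key).endswith("PRIVATE KEY") or pem_label(cert) != "CERTIFICATE":
        raise ValueError("privateKey/publicKey fields hold unexpected PEM types")
    key_path = os.path.join(out_dir, "private-key.key")
    cert_path = os.path.join(out_dir, "public-key.pem")
    write_new_file(key_path, key, 0o600)   # owner read/write only, set at creation
    write_new_file(cert_path, cert, 0o644)
    return key_path, cert_path
```

The file mode argument takes effect on POSIX systems; on Windows, restrict access to the key file with an ACL instead.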

Except where otherwise noted, content on this site is licensed under the Development License Agreement.


Last update: April 13, 2023