Automatic device registration with device certificate

Devices that are directly connected to Bosch IoT Hub can be auto-registered if they are trusted based on a device certificate that is accepted by the device connectivity layer.

To do this, the following steps are necessary:

  1. Install a CA certificate for your tenant and configure the auto-registration feature.

  2. Connect a new device which then will be registered automatically.

As soon as the device sends an event or telemetry data for the first time, it is automatically registered by IoT Hub because it is recognized as trusted based on the certificate.

Note
We recommend using events for auto-registration, as we guarantee delivery for this type of message. Telemetry messages may be lost.

Prerequisites

Install a CA certificate for your tenant and configure the auto-registration feature

Also refer to Manage CA certificates.

  1. In the Management API navigate to the tenant section and select the PATCH operation.

  2. Press the Try it out button.

  3. Enter your tenant-id in the tenant-id field.

  4. In the Request body:

    • Select the Add certificate with auto provisioning operation referring to the trusted-ca property.

      The request body pre-configured for auto-registration of a device is provided in full.

    • In this example, auto-provisioning of gateways is to be enabled, so set the value of "auto-provision-as-gateway" to true.

    • If required, adjust the name for your device identifier in the template configuration parameter "auto-provisioning-device-id-template". There are two placeholders which can be used to generate descriptive names, {{subject-CN}} and {{subject-DN}}. Please consult the API documentation for further details.

    The request body should look as follows:

       [
         {
           "op": "add",
           "path": "/trusted-ca",
           "value": [
             {
               "cert": "Base64 encoded certificate in PEM format",
               "auto-provisioning-enabled": true,
               "auto-provision-as-gateway": true,
               "auto-provisioning-device-id-template": "your-namespace:{{subject-DN}}"
             }
           ]
         }
       ]
    
  5. Finally run the request by hitting the Execute button.

  6. Verify that the request was successful (HTTP status code 204).

The Tenant was successfully modified with the given patch operation.
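The following pre-flight check for the request body above is an added example, not part of the Bosch IoT Hub documentation or tooling. It flags invalid JSON, key names that differ from the template shown on this page, quoted booleans, and a device-id template without a placeholder. The function names are hypothetical, and the code assumes that "cert" takes the PEM body without the BEGIN/END lines.

```python
import base64
import json

# Key names and value types as they appear in the request body on this page.
EXPECTED = {
    "cert": str,
    "auto-provisioning-enabled": bool,
    "auto-provision-as-gateway": bool,
    "auto-provisioning-device-id-template": str,
}
PLACEHOLDERS = ("{{subject-CN}}", "{{subject-DN}}")


def pem_to_cert_value(pem):
    """Assumption: "cert" takes the PEM body without armor lines or line breaks."""
    lines = (line.strip() for line in pem.splitlines())
    value = "".join(l for l in lines if l and not l.startswith("-----"))
    der = base64.b64decode(value, validate=True)  # raises ValueError on bad input
    if not der or der[0] != 0x30:  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    return value


def check_patch(body):
    """Return a list of problems found in a trusted-ca JSON Patch body."""
    try:
        ops = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(ops, list):
        return ["body must be a JSON array of patch operations"]
    problems = []
    for op in ops:
        if not isinstance(op, dict) or op.get("op") != "add" or op.get("path") != "/trusted-ca":
            problems.append("operation is not an add on /trusted-ca")
            continue
        entries = op.get("value")
        if not isinstance(entries, list):
            problems.append("value must be an array of CA entries")
            continue
        for ca in (e for e in entries if isinstance(e, dict)):
            # A misspelled key is reported here instead of being sent unnoticed.
            problems += [f"unknown key: {k}" for k in sorted(ca.keys() - EXPECTED.keys())]
            for key, typ in EXPECTED.items():
                if key in ca and not isinstance(ca[key], typ):
                    problems.append(f"{key} must be {typ.__name__}")
            tmpl = ca.get("auto-provisioning-device-id-template")
            if isinstance(tmpl, str) and not any(p in tmpl for p in PLACEHOLDERS):
                problems.append("device-id template contains no placeholder")
    return problems
```

Run `check_patch` on the text you are about to paste into the Request body field. An empty list means the body matches the structure shown above.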

Simulate a new device that needs to be registered automatically

  1. Download the server certificate for MQTT TLS encryption.

    curl -o iothub.crt https://docs.bosch-iot-suite.com/hub/iothub.crt
    
  2. Send an event from the gateway on behalf of the device to simulate device registration.

    In our case the command looks like this:

     mosquitto_pub -h mqtt.bosch-iot-hub.com -p 8883 \
       -t event/{tenant-id}/{device-id} \
       -m '{
         insert your payload here
       }' \
       -q 1 --cert demo-certs/certs/gateway-cert.pem --key demo-certs/certs/gateway-key.pem --cafile iothub.crt
    

Concerning the registration process, the payload is not relevant at this step. It will be forwarded to the northbound application (e.g. Things service).

Either the device alone, or both the gateway and the device on whose behalf the gateway sends a message, are registered automatically.

Note
Please take into account that the protocol adapters of Bosch IoT Hub have a caching mechanism in place for devices and their credentials. That means that if you change the properties of a device or of its credentials, it takes some time until the protocol adapters apply the changes. Currently the cache setting is configured to 10 minutes.