How can I manage device certificates for Device Communication Handshakes with Eclipse Ditto

Question

I have device-signed certificates to establish a handshake between the device and Digital Twin (ca.crt, client.crt, client.key)

However, I don't know where I can configure these certificates in the Ditto Digital Twin or how to publish these certificates.

Can you please guide me through the process?

{
  "uri": "<secure-transport-protocol>://<host>:<port>/<path>",
  "credentials": {
    "type": "client-cert",
    "cert": "-----BEGIN CERTIFICATE-----\n<client certificate>\n-----END CERTIFICATE-----",
    "key": "-----BEGIN PRIVATE KEY-----\n<client private key>\n-----END PRIVATE KEY-----"
  }
}

I tried adding the client certificate/private key in my ditto MQTT connection, but ditto is not accepting the format, or that this is NOT how it is supposed to be carried out.

score 1 · Answer 1 · answered Dec 06 '22 at 11:17

Eclipse Ditto uses a "layered architecture" for integrating devices.
Meaning that devices do not connect directly to Ditto, but to a "device connectivity layer" - as also shown in the overview picture:

In an MQTT broker or in Eclipse Hono you would configure the client certificates of your devices.
The devices would authenticate against the device connectivity layer - and Ditto "trusts" this layer to have checked and enforced the authentication and authorization of devices.

In your Ditto connection (to e.g. either an MQTT broker or Eclipse Hono), you would also connect to the MQTT broker, but probably not using a "device credential" as Ditto does not act as device, but as a backend, e.g. processing messages of thousands of connected devices.

How can I manage device certificates for Device Communication Handshakes with Eclipse Ditto

1 Answers1