I have device certificates working for authentication for my MQTT connection. Now I’m trying to use the same key/cert pair in my HTTPS request for firmware files and it’s failing authentication. If I use username/password authentication, it works I don’t know, at the moment if this is a problem with c8y or the esp32 SDK I’m working with. But I wanted to know if even should work since when I use device certificates, my Info Board shows the owner of the device is "device_ when I use device certificates where it used to show my username when I was using username/password on MQTT authentication. The firmware files show my username as it’s owner in the file repository.
I’m also wondering if it’s possible to turn off authentication for repository files. For security sake, I can simply encrypt the firmware file so I don’t think authentication is necessary. So that would be a quick solution to my issue if that was possible.
I guess you’ve probably missed the first sentence regarding this in the documentation and probably did not connect on port 8443?:
Devices can authenticate to Cumulocity IoT using X.509 certificates over REST (port 8443) using mTLS.
See: Device certificates - Cumulocity documentation and Device integration using REST - Cumulocity documentation
The other option could be to not use mTLS for REST and request a JWT token over MQTT, that you can then use for your REST requests:
https://cumulocity.com/guides/device-integration/mqtt/#jwt-token-retrieval
Regards,
Tristan
When I try any of these methods, I get;
This authentication method is not supported: Basic realm=“Name of Your Realm”
For the JWT, I tried putting the JWT in the password field while setting the username to NULL. Which is the method I used when I used JWT with (the now defunct) Google IoT bridge.
And I’m not using REST, I’m just downloading a file, which I don’t think uses the REST API.
I’m concerned that the errors I’m getting may mean that the SDK doesn’t support these options. So I’m hoping that there might be a way to disable authentication for c8y file downloads.
To use the JWT, your Authorization
header should have the following structure Bearer <JWT>
(replacing <JWT>
with the value you retrieve earlier).
There is no option to disable auth on files that have been uploaded to the binary API (e.g. software/firmware).