Configure User-MQTT Connector
User MQTT provides a long-term, reliable connection between the Centiloc platform and your data system.
It uses mutual X509 authentication and also requires a dedicated user/password pair to connect.
- Your TenantID
- The mail to support team: support@centiloc.com
Get more details and parameters in detail section
Centiloc is actively developing this interface to automate most of the steps described below.
In order to secure and authenticate your connection, your MQTT client must provide an X509 certificate authorized by Centiloc. To do so, you will need to generate a keypair and a Certificate Signing Request with some required parameters.
Below is a sequence on how to proceed, using openssl, in a terminal.
The MQTT connection is allowed as long as your subscription is active.
The certificate is valid for 1 year. So don’t forget to renew it before it expires.
openssl ecparam -name prime256v1 -genkey -noout -out private-key.pem
Only elliptic-curve keys of at least 256 bits are accepted.
🔖 This private-key.pem is used in your connection to the User-MQTT broker. Keep it secure.
openssl req -new -key private-key.pem -out certificate-request.csr
Some questions will be asked. A few fields are mandatory:
- Organization Name: Your company name, even in case of data access delegation.
- Common Name: tenantID, which depends on the topic you plan to subscribe to.
- Email Address: where to send information about your certificate life-cycle (expiry announcement…).
Example of questions answered
Country Name (2 letter code) []:FR
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:Centiloc
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:centiloc
Email Address []:myaddress@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
Send the certificate-request.csr file to Centiloc support team.
Support team will answer within 1 working day, providing you with your final 🔖 certificate required for MQTT connection.
In order to verify the MQTT broker identity, please use the below certificate:
Centiloc Public CA Certificate
Support team will answer your request above with a valid certificate.
In addition, you will be provided with User and Password dedicated to this single User-MQTT connection.
At this point, you must have:
- 🔖 private-key.pem file you have generated
- 🔖 tls-cert.pem file provided by Centiloc
- User/Password provided by Centiloc
- Your tenantID. It will be used to prefix your MQTT clientID.
- ca-cert.pem collected in point 2
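The key, CSR and returned-certificate steps above can be scripted and checked before the files go into an MQTT client. The following is an added example, not Centiloc's own tooling: the function names, the `-subj` form of the CSR prompts and the 30-day renewal window are assumptions.

```shell
#!/bin/sh
# Added example (not Centiloc tooling). Function names and defaults are assumptions.

# make_csr DIR TENANT_ID ORG EMAIL
# Writes DIR/private-key.pem and DIR/certificate-request.csr without prompts.
make_csr() {
    dir=$1 tenant=$2 org=$3 email=$4
    (
        umask 077   # key file must be readable by its owner only
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/private-key.pem"
    ) || return 1
    # -subj supplies the three mandatory fields: O, CN (= tenantID), emailAddress
    openssl req -new -key "$dir/private-key.pem" \
        -subj "/O=$org/CN=$tenant/emailAddress=$email" \
        -out "$dir/certificate-request.csr" || return 1
    # Confirm the CSR self-signature before sending the file to support.
    openssl req -in "$dir/certificate-request.csr" -noout -verify 2>&1 \
        | grep -q "verify OK"
}

# csr_subject CSR: print the subject so the mandatory fields can be reviewed.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# cert_matches_key CERT KEY: succeed only if CERT carries the public key of KEY.
# A mismatch here is what later shows up as a TLS handshake failure.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_needs_renewal CERT [DAYS]: succeed if CERT expires within DAYS (default 30).
cert_needs_renewal() {
    days=${2:-30}
    ! openssl x509 -in "$1" -noout -checkend $(( $days * 86400 )) >/dev/null
}
```

Typical use: `make_csr . "$TENANT_ID" "My Company" me@example.com`, then once support has replied, `cert_matches_key tls-cert.pem private-key.pem` and a scheduled `cert_needs_renewal tls-cert.pem`.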
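Below is an example of connection to User-MQTT in Python:
## We use the well-known paho package
import ssl

import paho.mqtt.client as mqtt

# Placeholders: replace with your own tenantID and certificate directory
tenantID = "your-tenantID"
some_path = "/path/to/certs/"

# The constructor call below is the paho-mqtt 1.x form; with paho-mqtt 2.x,
# also pass mqtt.CallbackAPIVersion.VERSION2 as the first argument.
mqtt_client = mqtt.Client(
    client_id=tenantID + "anything",
    clean_session=True,
    protocol=mqtt.MQTTv311,
    transport="tcp")

ca_filepath = some_path + "ca-cert.pem"
tlscert_filepath = some_path + "tls-cert.pem"
privkey_filepath = some_path + "private-key.pem"

# Mutual TLS: the CA file verifies the broker, the certificate and key identify you
mqtt_client.tls_set(
    ca_filepath,
    certfile=tlscert_filepath,
    keyfile=privkey_filepath,
    tls_version=ssl.PROTOCOL_TLSv1_2)
# Replace with the User/Password provided by Centiloc
mqtt_client.username_pw_set("username", "password")

try:
    ret = mqtt_client.connect("mqtt-client.centiloc.com", 8883, keepalive=60)
    if ret != mqtt.MQTT_ERR_SUCCESS:
        raise Exception('Failed to connect to broker.')
except Exception as e:
    # Chain the original error so the root cause stays visible
    raise Exception('Cannot connect to broker.') from e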
You can now subscribe to centiloc/<tenantID>.
mqtt_client.subscribe("centiloc/"+tenantID, qos=1)
QoS=1 is a good compromise between quality and performance. We advise this.
The events collected from boards and qualified by the data platform are then published to your topic.
You can decode them by deserializing them as described in the API section.