IoT Platform: MQTT gateways

Last Updated: May 05, 2023

Message Queuing Telemetry Transport (MQTT) gateways use the standard MQTT protocol and provide multiple features. The features include custom certificates, server-side one-way verification, Online Certificate Status Protocol (OCSP) for devices, two-way secure connections between devices and servers, and certificate management. This topic describes the features of MQTT gateways and how to connect a device to IoT Platform by using an MQTT gateway and enable communication.

Features

Important

You can connect devices to IoT Platform by using an MQTT gateway only if you use an Exclusive Enterprise Edition instance in the China (Shanghai) region.

Feature

Description

Custom port numbers

The default port number of the endpoint of an MQTT gateway is 1883. You can specify a custom port number that ranges from 1024 to 65535.

One-party verification

IoT Platform provides the verification service.

You must create a gateway for which one-party verification is enabled, import multiple devices to the related product, and then connect the devices to IoT Platform over MQTT.

Third-party verification

A developer manages the verification service. You can use certificate common names (CNs) or UserNames to register devices.

The following verification methods are supported:

  • Alibaba Cloud Function Compute: You must create a Function Compute service and a related function to verify devices. Then, create a gateway for which third-party verification is enabled and grant IoT Platform the permissions to call the Function Compute service and function. This way, when you connect a device to IoT Platform, the device is automatically created and connected to IoT Platform after the device is verified by the verification service of the Function Compute function.

  • Third-party HTTPS-based device verification service: You must define a custom device verification service that can be called over HTTPS. Then, create a gateway for which third-party verification is enabled and specify the HTTPS URL where the device verification service can be called in the IoT Platform console. This way, when you connect a device to IoT Platform, the device is automatically created and connected to IoT Platform after the device is verified by the device verification service.

Data parsing

You can use the data parsing feature of custom topics to convert data that is submitted by devices to data in the required format. For more information, see Message parsing.

X.509-based device verification

Gateways provide server-side one-way verification and two-way verification between devices and servers to verify device identities.

OCSP

Gateways provide server certificates and device certificates.

Specifies whether to enable the Online Certificate Status Protocol (OCSP) feature.

Verify a device

One-party verification

  1. Create an MQTT gateway: When you create a gateway, set the Authentication Type parameter to One-party Verification and configure other parameters based on your business scenario.

  2. Add devices to an MQTT gateway product: Import the serial numbers (SNs), MQTT usernames, and MQTT passwords of multiple devices to the gateway product. The SNs are optional.

  3. Specify an MQTT endpoint for a device and connect the device to IoT Platform.

    • If an endpoint is specified for a device, you must configure a CNAME record to change the endpoint to the gateway URL. For more information about how to resolve domain names, see Alibaba Cloud DNS.

    • If no endpoint is specified for a device, you must specify the gateway URL as the endpoint of the device. For more information, see Connect a device to IoT Platform over MQTT.

Third-party verification (Function Compute)

  1. Create a Function Compute service and create a Function Compute function: The service and function are used to perform third-party verification on the device.

    The request that you want to send to implement the verification function and the response parameters must comply with the definition of the function. You can specify a custom name for the function. For more information about the request parameters and response parameters of a verification function, see Function Compute functions.

  2. Create an MQTT gateway: When you create a gateway, set the Authentication Type parameter to Third-party Certification, the Third-party Verification Method parameter to Alibaba Cloud FC, the Device-verified FC Service parameter to the service that you created, and the Device-verified FC Function parameter to the function that you created. Then, configure other parameters based on your business scenario.

  3. The first time you connect a device to IoT Platform after the gateway is created, IoT Platform automatically creates and enables the device based on the value of the deviceName parameter that is returned by the verification function.

Third-party verification (HTTPS-based device verification service)

  1. Create a third-party device verification service that can be called over HTTPS.

    The request parameters that are required to call the device verification service and the response parameters must comply with the definition of the device verification service. For more information, see Create an MQTT gateway.

  2. Create an MQTT gateway: When you create a gateway, set the Authentication Type parameter to Third-party Certification, the Third-party Verification Method parameter to External HTTPS, and the Device Verification HTTPS URL parameter to the HTTPS URL of the device verification service that you created. Then, configure other parameters based on your business scenario.

  3. The first time you connect a device to IoT Platform after the gateway is created, IoT Platform automatically creates and enables the device based on the value of the deviceName parameter that is returned by the HTTPS-based device verification service.
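The decision logic that either third-party back end (the Function Compute function or the HTTPS service) has to implement, shown as an added example that is not Alibaba Cloud's code. The request fields `username` and `password`, the `result` response field, the registry contents, and the device-name pattern are assumptions; only `deviceName` is named on this page.

```python
import hashlib
import hmac
import re

def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the registry never stores plaintext MQTT passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample registry: MQTT username -> (salt, password hash, deviceName).
REGISTRY = {
    "meter-0001": (b"constructed-salt-1",
                   _kdf("constructed-secret", b"constructed-salt-1"),
                   "meter_0001"),
}
# Placeholder entry hashed for unknown usernames so both paths cost the same.
_DUMMY = (b"dummy-salt", _kdf("dummy", b"dummy-salt"), "")
# Assumed naming policy for auto-created devices.
DEVICE_NAME_RE = re.compile(r"[A-Za-z0-9_.:@-]{4,32}")

def _deny() -> dict:
    return {"result": False, "deviceName": None}

def verify_device(request: dict) -> dict:
    """Decide whether a connecting device is accepted; fails closed."""
    username = request.get("username")
    password = request.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        return _deny()
    known = username in REGISTRY
    salt, expected, device_name = REGISTRY.get(username, _DUMMY)
    # Constant-time comparison; the hash is computed even for unknown users.
    matches = hmac.compare_digest(_kdf(password, salt), expected)
    if not (known and matches):
        return _deny()
    # deviceName comes from the registry, never from the request: IoT Platform
    # creates and enables a device under whatever name is returned here.
    if not DEVICE_NAME_RE.fullmatch(device_name):
        return _deny()
    return {"result": True, "deviceName": device_name}
```

Because the first successful verification creates and enables the device, this function is the only gate on device registration; any extra `deviceName` supplied by the client is ignored.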

Communication between a device and IoT Platform

An MQTT gateway device can communicate with IoT Platform by using a custom topic. IoT Platform can pass through the upstream and downstream communication data of the device. For more information, see Messaging.
