Manufacturer Provision

Manufacturer Manager

Manufacturer manager is a Cervello user with privilege to administer a manufacturer account. In Cervello a manufacturer account is a tenant that maintain manufacturer certificates used in device and network provisoing.

Generat Certificate

Go to the manufacturers view, you can access the manufacturers view by clicking on the menu then click on Manufacturers as showen on the image, to make sure that you standing on manufacturers view the word view should be on the left as indicated on the image, then click on the manufacturer name as indicated on the image, if there are no names you can create a new manufacturer by clicking on Create Manufacturer.

manufacturers

To create manufacturer click on Create Manufacturer, an fill in the following form.

manufacturers

Now that you have a manufacturer, next step is to generate the X.509 certificate for this Manufacturer to be added to the devices.

click on manufacturer name, as shown above:

manufacturers

click on Create Certificate, then type any certificate name then click on Create Certificate:

manufacturers

Now private certificates will be generated for this profile and will be displayed in a form

alt text

You will find an option to download each certificate or copy its content.

Save the certificates data securely, along side the other information displayed and will be needed : certificate access Key and certificate access token.

Note: Save the certificates data before closing the modal, it will not be possible to retrieve the certificates once the modal is closed. However, you can delete the certificate for the manufacturer and generate a new one, but all issued devices with this certificate will be invalid.

The Certificate list should be updated:

manufacturers

certificate options, you can View Certificate Details or Delete the certificate.

manufacturers

Device provisioning

Now a manufacturer can provision any device to Cervello by performing the next easy steps in the device firmware :

Uploading Cervello certificate

Devices will need to have the Certificate information generated in the pervious steps in order to connect to Crevello and request device credentials to start sending telemetry and readings data. This information is:

  • Certificate Private Key
  • Certificate Access Key
  • Certificate Access Token

Cervello UID generation

Concatenate both “Manufacturer Device Unique Identifier” , for example the IMEI or MAC address of the device, and “Cervello Certificate Access Token” together using punctuation mark “colon” :.

Example:

For a device with the MAC address 00-14-22-01-23-45 and Cervvelo Certificate Access Token wshzewxbj35y8d9hdf40zxa0tdtpcn

the result will be:

wshzewxbj35y8d9hdf40zxa0tdtpcn:00-14-22-01-23-45

Cervello UID encryption

Use “Cervello Certificate Private Key” to encrypt the generated UID in the previous step.

Example in nodejs:

var crypto = require("crypto");
var path = require("path");
var fs = require("fs");

var encryptString = function(toEncrypt) {
    var absolutePath = path.resolve("./certs/key.pem");
    var privateKey = fs.readFileSync(absolutePath, "utf8");
    var buffer = new Buffer(toEncrypt);
    var encrypted = crypto.privateEncrypt(privateKey, buffer);
    return encrypted.toString("base64");
};

encryptString("wshzewxbj35y8d9hdf40zxa0tdtpcn:00-14-22-01-23-45");

Encryption result:

`Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe
4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ==`

Provision request

Now everything is ready to make HTTPS POST request to Cervello to provision device using “Cervello Certificate Access key” as URI param and encryption result from pervious step as a request JSON body.

Cervello will verify the encrypted token using the manufacturer Cervello certificate public key generated in the previous steps. Once this is done, Cervello will create the device in the owner organization devices repository if the device unique identifier exists.

alt text

2.5.1 Example request

URL: > https://api.cervello.io/compose/v1/provision/:manufacturerCertificateKey

Body:

 {
   "token": "Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ=="
 }
var request = require("request");
var options = {
    method: 'POST',
    url: 'https://api.cervello.io/compose/v1/provision/8uryjc3hdrg9vk7r',
    headers: {'Cache-Control': 'no-cache', 'Content-Type': 'application/json' },
    body: {
        token: 'Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ== '
    },
    json: true
};
request(options, function (error, response, body) {
    if (error) throw new Error(error);
    console.log(body);
});
curl -X POST \
  https://api.cervello.io/compose/v1/provision/8uryjc3hdrg9vk7r \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ=="
  }'

2.5.2 Example response body

{
    "code": 1,
    "messageKey": "success",
    "result": {
        "organizationId":"f891d3c7-66b9-4aaf-a920-a90f322d9feb",
        "deviceId":
        "6c6a9704-70ed-47d5-8d5a-25b3d1545669",
        "accessKey": "2r3o6nwkq0xvnh",
        "accessToken": "4m8do9q902d5uj",
        "credentialsType": "Token",
        "id": "750b400b-5d3a-4ff9-a62b-535bf2e544c4"
    }
}

VPN Device provisioning

Now a manufacturer can provision any device to Cervello Network manager VPN by performing the next easy steps in the device firmware :

Uploading Cervello certificate

Devices will need to have the Certificate information generated in the pervious steps in order to connect to Crevello and request device credentials to start sending telemetry and readings data. This information is:

  • Certificate Private Key
  • Certificate Access Key
  • Certificate Access Token

Cervello Device UID generation

Concatenate both “Manufacturer Device Unique Identifier” , for example the IMEI or MAC address of the device, and “Cervello Certificate Access Token” together using punctuation mark “colon” :.

Example:

For a device with the MAC address 00-14-22-01-23-45 and Cervvelo Certificate Access Token wshzewxbj35y8d9hdf40zxa0tdtpcn

the result will be:

wshzewxbj35y8d9hdf40zxa0tdtpcn:00-14-22-01-23-45

Cervello UID encryption

Use “Cervello Certificate Private Key” to encrypt the generated UID in the previous step.

Example in nodejs:

var crypto = require("crypto");
var path = require("path");
var fs = require("fs");

var encryptString = function(toEncrypt) {
    var absolutePath = path.resolve("./certs/key.pem");
    var privateKey = fs.readFileSync(absolutePath, "utf8");
    var buffer = new Buffer(toEncrypt);
    var encrypted = crypto.privateEncrypt(privateKey, buffer);
    return encrypted.toString("base64");
};

encryptString("wshzewxbj35y8d9hdf40zxa0tdtpcn:00-14-22-01-23-45");

Encryption result:

`Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe
4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ==`

Provision request

Now everything is ready to make HTTPS POST request to Cervello to provision device vpn using “Cervello Certificate Access key” as URI param and encryption result from pervious step as a request JSON body.

Cervello will verify the encrypted token using the manufacturer Cervello certificate public key generated in the previous steps. Once this is done, Cervello will create the device in the owner organization devices repository if the device unique identifier exists.

Example request

URL: > https://api.cervello.io/compose/v1/provision/i3aa6qqiqbh951wt/vpn

Body:

 {
   "token": "Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ=="
 }
var request = require("request");
var options = {
    method: 'POST',
    url: 'https://api.cervello.io/compose/v1/provision/i3aa6qqiqbh951wt/vpn',
    headers: {'Cache-Control': 'no-cache', 'Content-Type': 'application/json' },
    body: {
        token: 'Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ== '
    },
    json: true
};
request(options, function (error, response, body) {
    if (error) throw new Error(error);
    console.log(body);
});
curl -X POST \
  https://api.cervello.io/compose/v1/provision/i3aa6qqiqbh951wt/vpn \
  -H 'Content-Type: application/json' \
  -d '{
    "token": "Lk+XHWuAvXht3FZedCoTDLy1vsA1+6FpUbZM//4Y8HOPgGZj7RZFUbMH6nZ/Frm9J9j6JxOyS2uwMhPzB9ke5ycT5bTggCy0yG+OFcnwu4v0+MhCW6VOafqY4qZrR3XzDpJIsGDle72+GFvh+/maHM8fm5SJ2BQ3iZlMs/tI+r+uhuTMfsdoMKPgaQn31gj40S3HU3mOBmn3uHrCfCwe4qoXJIBKit8hyFPwhWsrEMdAan8ZcVE+tHHHkz5ZIGIV2NwIqY+wRCPqwjk9yFTFGcK2bTjED0fb68yUvsyrSC1E41vjTiSJXlyEIXzRetRrIhcgzBWzAYoj6g7MZDbdxQ=="
  }'

Example response body

{
    "code": 2001,
    "messageKeys": "success",
    "message": "createdSuccessfully",
    "result": {
        "fileName": "VPN2tewst2_devicenetworktest_VPN2tewst2.ovpn",
        "content": "{OVPN File contet}"
    }
}