Closed bbartling closed 3 years ago
updated question about certs for open leadr open ADR authentication
Authentication using certificates is definitely supported in the current version of OpenLEADR.
A short explanation of what certificates do in OpenADR is in our documentation here. Certificates allow parties to authenticate, meaning: to prove that they are who they say they are. For this to work, a few things must happen:
vtn_fingerprint parameter when starting; on every connection, the VEN will read the VTN's presented certificate, calculate the fingerprint, and compare it to the one that you configured as the vtn_fingerprint parameter. If it matches, it can be sure that it's talking to the correct VTN.
ven_lookup function in the VTN's constructor does. Please see this part of the server docs.

Well cool I think I got this working with certificates now between VEN & VTN. This is just an experiment I have running on a test bench. I ran the generate_certificates.sh on the VTN side and just copied the key.pem & cert.pem to my VEN device certs directory.
Starting the VEN script:
********************************************************************************
Your VEN Certificate Fingerprint is
B7:63:B8:99:7B:9F:74:7F:9B:89
Please deliver this fingerprint to the VTN.
You do not need to keep this a secret.
********************************************************************************
I'm still a little bit confused on how to incorporate this "Please deliver this fingerprint to the VTN."
Is this something I need to do on my VTN script?
VEN script:
    from openleadr import OpenADRClient

    # Create the client object
    client = OpenADRClient(ven_name='ven123',
                           ven_id='ven123',
                           vtn_url='http://11.22.33.44:8080/OpenADR2/Simple/2.0b',
                           cert='./certificates/certs/cert.pem',
                           key='./certificates/certs/key.pem',
                           passphrase='AmazingSecret!')
VTN script:
    from openleadr import OpenADRServer

    # Create the server object
    server = OpenADRServer(vtn_id='myvtn',
                           http_host='0.0.0.0',
                           cert='./certificates/certs/cert.pem',
                           key='./certificates/certs/key.pem',
                           passphrase='AmazingSecret!')
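
The fingerprint check described in the reply above, modelled with the standard library only. This is an added example, not OpenLEADR's code or code from anyone in this thread. The truncated SHA-256 derivation, the registry, the shape of the ven_lookup return value and the helper names are assumptions, and the certificate bytes are constructed stand-ins. It also flags the case where one cert.pem/key.pem pair is used on both sides.

```python
import hashlib
import hmac

def fingerprint(der_cert: bytes, n_bytes: int = 10) -> str:
    # Assumption: truncated SHA-256 over the DER certificate, formatted like
    # the banner above (10 colon-separated bytes). OpenLEADR's exact
    # derivation may differ; in practice use the value the library prints.
    digest = hashlib.sha256(der_cert).digest()
    return ":".join(f"{b:02X}" for b in digest[-n_bytes:])

def same_fingerprint(a: str, b: str) -> bool:
    # Normalise case and whitespace, then compare in constant time.
    norm = lambda s: s.strip().upper().encode("ascii")
    return hmac.compare_digest(norm(a), norm(b))

# Constructed stand-ins for DER certificate bytes (not real certificates).
VTN_CERT = b"constructed-vtn-certificate"
VEN_CERT = b"constructed-ven123-certificate"
ROGUE_CERT = b"constructed-unknown-certificate"

# VTN side: the fingerprint each VEN operator delivered out of band.
VEN_REGISTRY = {"ven123": {"ven_name": "ven123",
                           "fingerprint": fingerprint(VEN_CERT)}}

def ven_lookup(ven_id: str) -> dict:
    # Hypothetical lookup callback: an empty dict means "unknown VEN".
    entry = VEN_REGISTRY.get(ven_id)
    return {"ven_id": ven_id, **entry} if entry else {}

def vtn_accepts(ven_id: str, presented_der: bytes) -> bool:
    # VTN side: the presented certificate must match the registered fingerprint.
    expected = ven_lookup(ven_id).get("fingerprint")
    return bool(expected) and same_fingerprint(expected, fingerprint(presented_der))

def ven_accepts(vtn_fingerprint: str, presented_der: bytes) -> bool:
    # VEN side: compare the VTN's certificate with the configured vtn_fingerprint.
    return same_fingerprint(vtn_fingerprint, fingerprint(presented_der))

def reused_keypair(ven_id: str, vtn_der: bytes) -> bool:
    # True when a VEN is registered with the VTN's own certificate: both sides
    # then present one identity and the fingerprint cannot tell them apart.
    fp = ven_lookup(ven_id).get("fingerprint")
    return bool(fp) and same_fingerprint(fp, fingerprint(vtn_der))

if __name__ == "__main__":
    print("ven123 fingerprint:", fingerprint(VEN_CERT))
    print("genuine VEN accepted:", vtn_accepts("ven123", VEN_CERT))
    print("unknown cert accepted:", vtn_accepts("ven123", ROGUE_CERT))
```
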
Hi Stan,
I am trying to experiment with using certs for the open ADR authentication. Any chance I could get some tips?
On a new and different cloud Linux hosting site (thanks for all of the prior Heroku help btw, I can see now that Heroku probably shouldn't be used for open ADR) I can get my remote open Leadr VEN script to connect with my cloud open leader VTN script, but how can I do this with certs? I think I saw in the project road map that .pem support at some point in time... Is cert authentication between client and server available now?
This works from building to cloud Linux hosted VM VTN:
On my building side VEN:
I am also working in Python 3.9.5 with the virtual environments as recommended in the docs, git cloning the repo. I also notice in the repo that there are example certs (dummy) in a directory too, as well as a generate_certificates.sh which I'll have to figure out how to use in time.

So any chance for a few tips related to how to change my VEN & VTN scripts to handle certs for authentication greatly appreciated.

Would there be any chance you can help me understand the VEN & VTN open leader API's on what I would all need to pass through to class openleadr.client.OpenADRClient and class openleadr.server.OpenADRServer for how open ADR specifies using certs?

For some reason I don't understand where the fingerprint comes into play between the client/server. Any time you have in response greatly appreciated...