Reputation: 55
I'm pretty confused concerning the terminology used by IBM. I'm currently working with Watson IoT and embedded devices using MQTT. As you know, embedded devices sometimes do not have the capability to secure a connection via certificates (formerly SSL). Watson IoT therefore offers a secure connection (?) called "TLS with authentication token". That's what's confusing me. I learned that for an SSL (now TLS) connection you need to pass certificates to the server. How can you establish a TLS connection just by using/sending an auth token? Or do they just mean the authentication process instead of a secured and encrypted connection?
Thanks in advance and have a nice weekend!
Upvotes: 0
Views: 348
Reputation: 103
If you're using MQTT, the simplest way to connect your device to the Watson IoT Platform is as follows:
When you register your device, you define (or get given) an authentication token - in effect, a password for that device. You have two main options on how you use this token to connect the device to Watson IoT Platform at orgId.messaging.internetofthings.ibmcloud.com:
In both cases the password is used to authenticate your device - but only in the second is the on-the-wire traffic encrypted (which is why we strongly recommend using TLS/port 8883/443 where possible). The encrypted connection is over TLS: Watson IoT Platform presents a certificate to allow your TLS-enabled device to validate the certificate and hence trust it's talking to Watson IoT Platform.
There are further options to build on this. You can configure device certificates (e.g., see here) - but I haven't discussed these as - hopefully! - I'll have answered your question using the simple patterns above. Further details on connecting to the platform are available here.
Links correct at the time of writing
Upvotes: 2
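The split described in the answer above, as an added example that is not part of the original answer and is not IBM's code: the TLS layer validates the server's certificate and loads no client certificate, and the device's token travels inside that encrypted tunnel as the password field of the MQTT 3.1.1 CONNECT packet. The client ID and username formats are platform-specific and are passed in as parameters here; `orgId` is the placeholder from the answer.

```python
import socket
import ssl
import struct

HOST = "orgId.messaging.internetofthings.ibmcloud.com"  # orgId is a placeholder
PORT = 8883  # MQTT over TLS

def mqtt_str(s: str) -> bytes:
    """MQTT string: 2-byte big-endian length prefix, then UTF-8 bytes."""
    b = s.encode("utf-8")
    return struct.pack("!H", len(b)) + b

def remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, MSB set means 'more follows'."""
    out = bytearray()
    while True:
        n, digit = divmod(n, 128)
        out.append(digit | (0x80 if n else 0))
        if not n:
            return bytes(out)

def build_connect(client_id: str, username: str, token: str, keepalive: int = 60) -> bytes:
    """MQTT 3.1.1 CONNECT packet carrying the auth token in the password field."""
    flags = 0x80 | 0x40 | 0x02  # username present, password present, clean session
    body = mqtt_str("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body += mqtt_str(client_id) + mqtt_str(username) + mqtt_str(token)
    return b"\x10" + remaining_length(len(body)) + body

def server_auth_context() -> ssl.SSLContext:
    """TLS context that verifies the server certificate; no client certificate is loaded."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, hostname check, system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def connect(client_id: str, username: str, token: str) -> int:
    """Open TLS, send CONNECT inside the tunnel, return the CONNACK code (0 = accepted)."""
    with socket.create_connection((HOST, PORT), timeout=10) as raw:
        with server_auth_context().wrap_socket(raw, server_hostname=HOST) as tls:
            tls.sendall(build_connect(client_id, username, token))
            connack = b""
            while len(connack) < 4:  # 0x20 0x02 <session-present> <return code>
                chunk = tls.recv(4 - len(connack))
                if not chunk:
                    raise ConnectionError("broker closed before CONNACK")
                connack += chunk
            return connack[3]
```

Sending the same CONNECT bytes over a plain TCP socket would put the token on the wire in cleartext, which is the difference between the two options the answer contrasts.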