2-June-2022 DC CAW
An OpenDXL Broker is available for all CAW participants to connect with and experiment on. There are great open source client libraries available to hit the ground running in Python and Java. DXL is a cousin of MQTT that is secure by default, among other differences, so please read on to learn how to connect.
The OpenDXL Broker requires mutual authentication. In short, you must connect to the broker with a PKI certificate signed by the broker’s self-generated Certificate Authority. Luckily, this is a straightforward process. There are a few methods to get a signed key/cert package, shown in order of ease:
Remember to look in Slack/Discord for a pinned message with the connection details, not shown here.
Log in to the broker’s web console and create a signed key package to download:
Client Configuration
Your name or company name
If you download the OpenDXL Python Client, it comes with a simple command line utility for this task. You can get a signed key package (as in Option A), or submit your own Certificate Signing Request if you’re using your own private key and cert.
This will retrieve a complete signed key package:
dxlclient provisionconfig ./ BROKER_IP YOUR_NAME_OR_COMPANY_NAME
This will use your own Certificate Signing Request supplied as client.csr:
dxlclient provisionconfig -r ./ BROKER_IP client.csr
In both cases, you’ll be prompted for the USERNAME and PW.
However you proceed, you’ll receive client.zip that contains:
File | Description |
---|---|
ca-bundle.crt | The broker’s certificate. |
client.crt | Your signed client certificate. |
client.key | Your private client key, if you didn’t generate your own CSR. |
dxlclient.config | The broker’s IP and port. If using the OpenDXL client libraries mentioned above, this config is generated for them specifically. |
If you are using the OpenDXL client libraries mentioned above, they accept the dxlclient.config file you received above. The quickest Python Hello World program is here, but you can just follow these steps:
mkdir dxl_hello_world && cd dxl_hello_world
python -m venv venv && source venv/bin/activate
wget https://github.com/opendxl/opendxl-client-python/releases/download/5.6.0.3/dxlclient-python-sdk-5.6.0.3.zip
unzip dxlclient-python-sdk-5.6.0.3.zip
cd dxlclient-python-sdk-5.6.0.3/lib/
pip install dxlclient-5.6.0.3.zip
cd ../sample/
python basic/event_example.py
deactivate
Please sandbox all of your tests by prefixing your name or company to all topic-names and topic-filters. This is not for privacy, but to avoid unknowingly spamming anyone who subscribed to a topic you publish to.
For example, please use this format (with your name, company, etc):
patrickc/oc2/cmd/
patrickc/#
patrickc/foo/bar
Do not use:
oc2/cmd/
#
foo/bar
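The naming rule above can be enforced in code rather than by convention. The following is an added example, not code from this page or from the OpenDXL project: it sends one event to a prefixed topic using the dxlclient.config from client.zip. The helper name sandboxed, the topic hello/world and the rule that # is accepted only as the final level are assumptions made for this example.

```python
import sys
import threading


def sandboxed(prefix, topic):
    """Return `topic` under `prefix/`; refuse names that would leave the sandbox."""
    prefix = prefix.strip("/")
    if not prefix or "/" in prefix or "#" in prefix:
        raise ValueError("prefix must be one plain topic level, e.g. 'patrickc'")
    if not topic.strip("/"):
        raise ValueError("empty topic")
    if not topic.startswith(prefix + "/"):
        topic = prefix + "/" + topic.lstrip("/")
    levels = topic.split("/")
    # Assumption: '#' is accepted only as the whole final level ('patrickc/#').
    bad_last = "#" in levels[-1] and levels[-1] != "#"
    if bad_last or any("#" in lvl for lvl in levels[:-1]):
        raise ValueError("'#' is only allowed as the last level: %r" % topic)
    return topic


def main(prefix, config_path="dxlclient.config"):
    # Imported here so sandboxed() can be reused without the SDK installed.
    from dxlclient.callbacks import EventCallback
    from dxlclient.client import DxlClient
    from dxlclient.client_config import DxlClientConfig
    from dxlclient.message import Event

    received = threading.Event()

    class PrintEvent(EventCallback):
        def on_event(self, event):
            print("got %r on %s" % (event.payload.decode(), event.destination_topic))
            received.set()

    topic = sandboxed(prefix, "hello/world")  # e.g. patrickc/hello/world
    # dxlclient.config references ca-bundle.crt, client.crt and client.key.
    config = DxlClientConfig.create_dxl_config_from_file(config_path)
    with DxlClient(config) as client:
        client.connect()
        client.add_event_callback(topic, PrintEvent())
        event = Event(topic)
        event.payload = "hello from {}".format(prefix).encode()
        client.send_event(event)
        if not received.wait(5):
            print("no event received within 5 s", file=sys.stderr)


if __name__ == "__main__":
    main(sys.argv[1])
```

Run it from the directory holding the unpacked client.zip, passing your prefix as the only argument.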
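Use one of the following commands to create your key and Certificate Signing Request. Be sure to use your name. The first leaves client.key unencrypted (-nodes); the second omits -nodes, so openssl prompts for a passphrase to encrypt client.key.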
openssl req -out client.csr -subj "/CN=YOUR_NAME_HERE" -new -newkey rsa:2048 -nodes -keyout client.key
openssl req -out MY_CSR -subj "/CN=YOUR_NAME_HERE" -new -newkey rsa:2048 -keyout client.key
Please reach out on the plugfest Discord and Slack channels; we want this to be as easy as possible.