Nexeed
    • Introduction
    • User manual
      • Getting started
        • Device registration overview
          • Registering a device
          • Self-registration of devices
        • Device claiming
          • Adding a ctrlX Core device
          • Adding a Rexroth connectivity unit device
      • Device overview
        • Setting the filter for the search
        • Device details
        • Edit device properties
        • Roll out artifacts on one or more devices
        • Rolling out a distribution
      • Device groups
        • Creating a device group
      • Machine overview
        • Create, edit and delete machines
        • Adding machines and devices via CSV file import
        • Structure of the CSV import file
      • Activity overview
      • Distribution overview
        • Managing distributions
        • Managing commands in a distribution
    • Operations manual
      • Overview
      • System architecture and interfaces
        • Element descriptions
        • Network connections overview
      • System requirements
        • General system requirements
        • Ingress controller
        • idm/idm-device-administration-app
        • idm/idm-software-management-app
        • idm/idm-device-monitoring-app
        • idm/idm-device-master-data-mgmt-app
        • idm/idm-device-app
        • idm/idm-solution-app
        • idm/idm-webapp-backend
        • idm/idm-device-tunnel-app
        • idm/idm-artifact-repository
        • bci-app/opensearch
        • bci-app/opensearch-dashboards
        • bci-app/valkey
        • bci-app/nginx
        • bci-kube/nexeed-ansible-operator
      • Migration from previous versions
      • Setup and configuration
        • Installation guide
          • How to initialize OpenSearch
          • How to create MACMA tenants with basic authentication
          • How to configure tenants for artifact-related use cases
        • Configuration
          • Detailed configuration parameters
          • Recommendations for service meshes
      • Start and shutdown
      • Regular operations
        • Whitelist new certificate
      • Failure handling
        • Device Portal data is out of sync
        • How to synchronize devices and machines to OpenSearch
        • Synchronize communication id mapping to key-value store (Redis/Valkey)
      • Backup and Restore
      • Logging and monitoring
      • Known limitations
    • Developer guide
      • Communication ID
      • Adding diagnostic functionality to devices
      • Add command processing to devices
      • Add the backup/restore functionality to devices
      • Reducing data consumption of device communication
      • Access through a custom application
    • Artifact Repository guide
      • Introduction
      • Providing artifacts for roll-out
        • Establishing a connection to the Device Portal
        • Uploading and managing artifacts in the repository
      • Downloading artifacts
      • Sending commands
    • API documentation
    • Glossary
Device Portal
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Device Portal
  • Communication ID for devices without namespaces

Communication ID for devices without namespaces

Typically, device types should always be assigned namespaces. If this is not possible for a device or is not desired, the ID can also be structured as follows:

Option1

The communication ID corresponds to a device property:

Syntax

urn:bosch:dp:id:<device-type-name>.<category-name>.<attribute-name>.<attribute-value>

Example of a device with a unique MAC address under device type 'myDeviceType'

urn:bosch:dp:id:myDeviceType.BLUETOOTH.mac.008041aefd7e

Option2

The communication ID corresponds to a sequential number:

Syntax

urn:bosch:dp:id:<device-type-name>(.<id-type-or-prefix>).<id-value>

Example of a device that can be identified by a sequential number under the device type 'myDeviceType'

urn:bosch:dp:id:myDeviceType.seq.123456 or urn:bosch:dp:id:myDeviceType.123456

Switching communication from basic auth (test mode) to mutual TLS (productive mode)

The recommended method of communication between the device and the Device Portal is Mutual TLS. X.509 certificates are issued for the device with which the device can authenticate itself to the Device Portal.

Since it would be complicated to whitelist each device certificate in the Device Portal, only intermediate certificates are considered for this in the Device Portal.

Therefore, to create a device certificate, you must first create the intermediate certificate:

  1. Generate a X.509 certificate and use .cer , .crt , or .pem as the file extension. The attribute subject CN must be described with a unique value and cannot be empty.

    The generated file is the intermediate certificate.

  2. Send the generated intermediate certificate to the Service – Helpdesk.

  3. The Support Team will whitelist the certificate in the Device Portal.

  4. If an Artifact Repository is used, whitelist the intermediate certificate in your Artifact Repository.

    The description of the intermediate certificate whitelists can be found in the API documentation of the Artifact Repository.

  5. Generate a new X.509 certificate and use .cer , .crt , or .pem as the file extension. The subject CN must contain the Communication ID as the value.

    The generated certificate is the device certificate.

  6. Sign the device certificate with the intermediate certificate using Certificate Signing Request (CSR).

  7. Implement mutual TLS communication for device communication. During connection to the Device Portal, the device receives the Device Portal server certificate and the intermediate certificate with which it was signed. The root certificate used to sign the intermediate certificate should be added to the trusted store of the device.

    Now use the URL cert.device.deviceportal.bosch.com to communicate with the Device API.

    • Communication between the device and Device Portal on a mutual TLS basis has been implemented.
      If a device certificate has to be blacklisted again later, this is possible via the Helpdesk. If an Artifact Repository is used, a user with the role repository manager must blacklist the device certificate. By blacklisting the device certificate, the Device Portal blocks all further communication with the device..

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses