If you want to use a GB/T 32960 cloud gateway to connect a vehicle-mounted device to IoT Platform, you must add a cloud gateway in the IoT Platform console. This topic describes how to add a GB/T 32960 cloud gateway.
Background information
For information about how to use a GB/T 32960 cloud gateway to connect a device to IoT Platform, see GB/T 32960 gateways.
Add a cloud gateway
Log on to the IoT Platform console.
On the Overview tab, click the Exclusive Enterprise Edition instance that you want to manage.
In the left-side navigation pane, choose . On the page that appears, click Add Gateway.
In the Basic Information step, configure the parameters and click Next. The following table describes the parameters.
Parameter
Description
Gateway Name
The name of the cloud gateway. The name must be unique in the instance. The name must be 4 to 30 characters in length and can contain letters, digits, and underscores (_).
Protocol
Select GB/T 32960.
Custom Port Number
Valid values: 1024 to 65535. Default value: 8999.
Authentication Type
One-party Verification
If you select this option, you must import the verification information of a device to IoT Platform. The verification information includes the username, password, and serial number (SN) of the device. IoT Platform verifies the device based on the verification information.
Third-party Certification
Alibaba Cloud Function Compute: If you select this option, you must configure the Device-verified FC Service, Device-verified FC Function, and Authorize parameters. You can select an existing Function Compute function or create a new function for device verification. The input and output parameters of the function that you create must meet specific requirements. You can specify a custom function name. For information about the requirements for the input and output parameters of the device verification function, see Parameters of the Function Compute function for device verification.
Click Create Service to go to the Function Compute console and create a service. For information about Function Compute services, see Manage services.
Click Create Function to go to the Function Compute console and create a function. For information about Function Compute functions, see Manage functions.
If the AliyunIOTAccessingFCRole role is not available, click Create RAM Role to go to the RAM console and create the role. For information about how to create a RAM role and grant permissions to the role, see Create a RAM role.
Transmission Protocol
TCP
If you use Transmission Control Protocol (TCP) to connect a device, we recommend that you do not connect the device over the Internet. To ensure security, you can establish a connection over a leased line.
Important: If you use TCP to connect a device, you do not need to configure certificates. After you complete all configurations in the Basic Information step, click OK to create the gateway.
TLS
If you connect devices to IoT Platform over Transport Layer Security (TLS), you can enable server-side one-way verification, Online Certificate Status Protocol (OCSP) for devices, two-way secure connections between devices and servers, and other features.
Enable X.509 certificate-based device verification. Valid values of the Enable OCSP parameter:
Disabled
OCSP Verification for Server Certificate
OCSP Verification for Client Certificate
Client and Server-side OCSP Verification
Disable X.509 certificate-based device verification. Valid values of the Enable OCSP parameter:
Disabled
OCSP Verification for Server Certificate
Note: Online Certificate Status Protocol (OCSP) is an Internet protocol that is used by a certificate authority (CA) to check the revocation status of a certificate.
When a client sends a message to a server, the server performs OCSP verification on the client certificate. If the client certificate is revoked, the server closes the connection.
The default time to live (TTL) of cached OCSP information ranges from 5 minutes to 1 hour. After the cached OCSP information expires, server-side OCSP stapling does not take effect until the OCSP information is re-obtained.
Complete the Certificate Configuration step and click OK.
Configure certificates
Important: If you select TCP as the transmission protocol, you do not need to configure certificates.
The certificates that are configured in this step are Privacy Enhanced Mail (PEM) files.
You must configure the Server Certificate and Private Key of Server Certificate parameters.
For example, your certificate chain contains certificates that are sorted in the following order: server root certificate, server intermediate certificates, and server certificate. Server intermediate certificates can include multiple levels of intermediate certificates, such as Intermediate Certificate A and Intermediate Certificate B. In this case, you must configure the parameters in this step based on the following instructions:
Server Certificate: Specify the certificates in the certificate chain in reverse order. Specify the server certificate first and then specify server intermediate certificates (Intermediate Certificate B and Intermediate Certificate A).
Private Key of Server Certificate: Specify the private key of the server certificate.
If you enable X.509 certificate-based device verification, you must configure the Device Root Certificate parameter.
For example, your certificate chain contains certificates that are sorted in the following order: device root certificate, device intermediate certificates, and device certificate. Device intermediate certificates can include multiple levels of intermediate certificates, such as Intermediate Certificate A and Intermediate Certificate B. In this case, you must configure the parameters in this step based on the following instructions:
Device Root Certificate: Specify the certificates in the certificate chain in reverse order. Specify the device intermediate certificates (Intermediate Certificate B and Intermediate Certificate A) first and then specify the device root certificate.
If you set the Enable OCSP parameter in the previous step to OCSP Verification for Server Certificate or Client and Server-side OCSP Verification, you must set the Trusted Certificate parameter to the server root certificate in this step.
View information about the cloud gateway on the Gateway page, including the name, ID, gateway URL, status, and associated product.
Important: You must record the gateway URL. When you connect a device to IoT Platform by using the GB/T 32960 cloud gateway, you must replace the endpoint with the gateway URL. You can specify the gateway URL as the endpoint or configure a CNAME record to resolve the endpoint to the gateway URL.
Sample Function Compute function for device verification:
Request parameters
{ "vin":"test01", "iccid":"123******", "serialNo":123, "subSystemNumber":1, "systemEncodeLength":12, "systemEncode":[], "action":"auth", "year":2023, "month":12, "day":23, "hour":12, "minute":23, "second":12, "protocol":"gb32960" }
Response parameters
{ "result":"true", "message":"" }
Parameters of the Function Compute function for device verification:
Note: The parameter values of the Function Compute function for device verification must comply with the specifications in the GB/T 32960 protocol. For more information, see GB/T 32960-2016 Part 3: Communication protocol and data format.
Parameter type
Parameter name
Data type
Description
Request parameters
vin
String
The vehicle identification number (VIN).
The VIN must be 4 to 17 characters in length and can contain letters and digits.
iccid
String
The Integrated Circuit Card Identification Number (ICCID) of the vehicle.
serialNo
Integer
The record number of the vehicle logon.
subSystemNumber
Integer
The number of chargeable sub-systems that store electricity.
systemEncodeLength
Integer
The length of the code for a chargeable system that stores electricity.
systemEncode
List
The code for a chargeable system that stores electricity.
action
String
Set the value to auth, which specifies authentication for each device logon.
year
Integer
The year of the device logon time.
month
Integer
The month of the device logon time.
day
Integer
The day of the device logon time.
hour
Integer
The hour of the device logon time.
minute
Integer
The minute of the device logon time.
second
Integer
The second of the device logon time.
protocol
String
The protocol that is used to connect the vehicle-mounted device to IoT Platform. Set the value to gb32960.
Response parameters
result
String
Indicates whether the device is connected to IoT Platform. Valid values:
true
false
message
String
The error message that is returned if the device failed to connect to IoT Platform.
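The following sketch of a device verification function that fails closed is an added example, not code from IoT Platform or its documentation. It checks each request parameter against the table above before consulting an allowlist. The handler(event, context) entry point, the JSON-string return value, the verify helper, and the KNOWN_VEHICLES allowlist with its sample VIN and ICCID are assumptions made for illustration.

```python
import json
import re
from datetime import datetime

# Constructed allowlist (assumption): VIN -> ICCID of vehicles permitted to log on.
# A real function would query a device registry instead.
KNOWN_VEHICLES = {"LTESTVIN000000001": "89860000000000000001"}

VIN_RE = re.compile(r"[A-Za-z0-9]{4,17}")
INT_FIELDS = ("serialNo", "subSystemNumber", "systemEncodeLength")


def verify(req):
    """Return (ok, message) for one logon request; deny unless every check passes."""
    if not isinstance(req, dict):
        return False, "request is not a JSON object"
    if req.get("action") != "auth" or req.get("protocol") != "gb32960":
        return False, "unexpected action or protocol"
    vin = req.get("vin")
    if not isinstance(vin, str) or not VIN_RE.fullmatch(vin):
        return False, "vin must be 4 to 17 letters or digits"
    for name in INT_FIELDS:
        value = req.get(name)
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            return False, name + " must be a non-negative integer"
    if not isinstance(req.get("systemEncode"), list):
        return False, "systemEncode must be a list"
    try:
        datetime(*(req[k] for k in ("year", "month", "day", "hour", "minute", "second")))
    except (KeyError, TypeError, ValueError):
        return False, "invalid logon time"
    iccid = req.get("iccid")
    if not isinstance(iccid, str) or KNOWN_VEHICLES.get(vin) != iccid:
        return False, "unknown vin or iccid mismatch"
    return True, ""


def handler(event, context):
    """Entry point (assumed signature): event carries the request JSON as bytes or str."""
    try:
        req = json.loads(event)
    except (TypeError, ValueError):
        req = None
    ok, message = verify(req)
    # The page's sample response uses the strings "true"/"false", not JSON booleans.
    return json.dumps({"result": "true" if ok else "false", "message": message})
```

With Third-party Certification, IoT Platform creates a device named after the vin value on the first logon, so this function is the only check between an unknown VIN and a new device record. Every malformed or unrecognized request therefore returns "false".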
(Optional) Modify a cloud gateway
After you create a cloud gateway, find the gateway on the Gateway page and click Edit in the Actions column. You can modify the name, certificate information, and Function Compute function of the cloud gateway.
Result
After you create a cloud gateway, IoT Platform creates and associates a product with the cloud gateway. The product name is in the Cloud gateway+${Cloud gateway ID} format. To view the new product, choose Devices > Products. The new product is displayed on the Products page.
Click View in the Actions column of the product. On the Product Details page, you can view the details of the product, as shown in the following figure.
What to do next
The first time you use a cloud gateway whose Authentication Type parameter is set to Third-party Certification to connect a device to IoT Platform, IoT Platform automatically uses the value of the vin parameter as the DeviceName to create a device.
After you create a cloud gateway whose Authentication Type parameter is set to One-party Verification, you must import the verification information of devices to add the devices to the related gateway product. For more information, see Add multiple devices.