Provisioning

Provision Keys

Download the Provisioning Configuration Files

Log in to your dashboard and click the download button next to the System Definition you want to provision. Download the three files into the directory where you wish to run the demo app.

Note: These files can also be acquired programmatically through the Overwatch API.

Provision the Server Component

mkdir Server
cp medcrypt.common.crypto.TrustStore.mc \
medcrypt.overwatch.pki.CertifiedCertificateRevocationList.mc \
medcrypt.overwatch.pki.CertifiedProvisioningProfile.mc \
Server/
cd Server/
../cpp_curve_zeromq_server "test-server" "Server" ./ false true 3030 sign Client "127.0.0.1" true

On the first run, the Server component should report that its approval is "pending":

T[ZmqClient.cpp:32] Response received.
I[Services.cpp:344] InitialResponse approval is pending: provision_request_id {
uuid: "\371\809\006\n\223@B\097\345\567\132\765\273XS\212"
}

Once the "Server" component is approved and published in the UI, run the provision command again:

../cpp_curve_zeromq_server "test-server" "Server" ./ false true 3030 sign Client "127.0.0.1" true

The "Server" component should now report that it has been "CERTIFIED":

T[ZmqClient.cpp:32] Response received.
I[Services.cpp:373] GetProfileResponse CERTIFIED

Confirm medcrypt.overwatch.pki.CertifiedProfile.mc is in the Server/ directory.

Provision the "Client" Component

mkdir Client
cp medcrypt.common.crypto.TrustStore.mc \
medcrypt.overwatch.pki.CertifiedCertificateRevocationList.mc \
medcrypt.overwatch.pki.CertifiedProvisioningProfile.mc \
Client/
cd Client/
../cpp_curve_zeromq_client "test-client-1" "Client" ./ false true 3030 sign Server "127.0.0.1" true

The "Client" component should be auto-approved and its status should be "CERTIFIED":

T[ZmqClient.cpp:32] Response received.
I[Services.cpp:348] InitialResponse CERTIFIED: status: MC_CERTIFIED
provision_request_id {
uuid: "\546;Y.a\347K0\203y\431\801\646\123\280e"
}

Confirm medcrypt.overwatch.pki.CertifiedProfile.mc is in the Client/ directory.
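
The two "Confirm ... is in the directory" checks above can be scripted so that a misplaced copy or a missing profile is caught before the components are started. This is an added example, not part of the MedCrypt demo or its tooling; the function name provision_state, its state labels, and the idea of saving a run's output to a log file are assumptions made here.

```shell
#!/bin/sh
# Added example (not MedCrypt code): report how far a component directory
# has progressed through the provisioning steps on this page.

# The three downloaded files copied into each component directory.
PROVISION_INPUTS="medcrypt.common.crypto.TrustStore.mc
medcrypt.overwatch.pki.CertifiedCertificateRevocationList.mc
medcrypt.overwatch.pki.CertifiedProvisioningProfile.mc"
# Written into the directory once the component is certified.
CERTIFIED_PROFILE="medcrypt.overwatch.pki.CertifiedProfile.mc"

# provision_state DIR [LOGFILE]
# LOGFILE is optional: output of a provisioning run saved to a file
# (saving it is an assumption; the page only shows the messages).
# Prints one state label (labels are hypothetical, chosen for this example):
#   missing-inputs   a downloaded file is absent or empty in DIR
#   certified        the certified profile is present in DIR
#   profile-missing  the log reports CERTIFIED but DIR has no profile
#   pending          the log reports the approval is pending
#   not-started      inputs are in place, nothing else is known
provision_state() {
    dir=$1
    log=${2:-}
    for f in $PROVISION_INPUTS; do
        if [ ! -s "$dir/$f" ]; then
            echo "missing-inputs"
            return 0
        fi
    done
    if [ -s "$dir/$CERTIFIED_PROFILE" ]; then
        echo "certified"
    elif [ -n "$log" ] && grep -q 'CERTIFIED' "$log"; then
        echo "profile-missing"
    elif [ -n "$log" ] && grep -q 'approval is pending' "$log"; then
        echo "pending"
    else
        echo "not-started"
    fi
}

# Usage: sh provision_state.sh Server [server.log]
if [ "$#" -gt 0 ]; then
    provision_state "$@"
fi
```

A result of missing-inputs for Client/ or Server/ means the three downloaded files were copied into the wrong directory or not at all.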

Approve Devices and Publish Certificates

1. With provision requests sent to Overwatch, let's approve a provision request so a device can get a certificate and secure configuration. Click on the System Instance and then the green check-mark next to the Component Instance (device) you are provisioning and a dialog will allow you to approve the provision request.

Approve Provision Request

2. After approving the provision request, click on the green check-mark next to the System Instance to publish the certificate and security configuration back to the device.

Publish System Instance

3. Now the device is completely provisioned! Click on the Component Instance to get more information about the device’s data security configuration.

Component Detail View