In the last blog we created a “device” in the SAP Cloud Platform IoT service. Please also check the complete series.

Now it's time to get data...

We want to connect our real “device” (the TI Sensor Tag) to the SAP Cloud Platform IoT service. As already mentioned, I am using a Raspberry Pi here as my bridge to the IoT service.

On the RPI we use “node-RED”, which lets us wire up our “TI Sensor Tag” and more in a graphical way. For details please refer to the documentation.

Instructions for installing node-RED can be found here.

In “node-RED” we need the following “nodes” for our scenario:



Because we connect to the IoT service securely using MQTTS, “node-RED” needs the “device” certificates.

Furthermore, the certificates must be in “PEM” format:

Get the certificates from IoT service

First we will download the certificates from the IoT service cockpit by clicking on the corresponding widget:

We now store this “certificate” on our local machine and extract the archive.

After it has been extracted successfully we have the following three files:


Because “node-RED” needs the “PEM” format here, we must perform a few steps:

  • Open the file and note down the password
  • Now open the “client.ks” file (I am using the “KeyStore Explorer” tool here) and enter the password. As a result we can now see our device cert.

  • The next step is to export the key pair as a “.p12” file: enter the password again and then define the password for the new file:

  • After this has been saved successfully we create the “PEM” files by typing the following openssl commands. For a detailed description please check the documentation. In short, we first transform our “.p12” file into a “PEM” file and finally create two files, one with the public certificate and one with the private key:

openssl pkcs12 -in 22112211.p12 -out 22112211.pem
Enter Import Password: <pswd for the newly created p12 file>
MAC verified OK
Enter PEM pass phrase: <new pass phrase for the PEM>
Verifying - Enter PEM pass phrase: <new pass phrase for the PEM>

Remove the pass phrase from the private key in our “PEM” file and also write the public certificate:

openssl rsa -in 22112211.pem -out 22112211_priv.pem
Enter pass phrase for 22112211.pem: <the pass phrase which we've defined before>
writing RSA key
<now writing the public certificate (chain) into the new PEM file>
openssl x509 -in 22112211.pem >>22112211_chain.pem


If we now have a look into these two “PEM” files we can see we have our required certs for “node-RED”.

Finally I store the CA “PEM” file of my IoT service tenant directly from the browser.

As a result we now have the three files “node-RED” requires to establish the connection.

Now copy the files to a directory of your choice on the “Raspberry” and check that the “PI user” is allowed to access these files.
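
A pre-flight check for the three files before their paths are entered in the tls-config, as an added example that is not part of the original post: it confirms that the certificate and CA files contain only certificate blocks, and that the key file holds a single unencrypted private key with no permission bits for group or others. The function names and the sample files (dummy bodies, not real keys) are constructed for illustration.

```sh
# Added example (not from the original post): pre-flight check for the PEM files.

# Print the label of every "-----BEGIN <label>-----" line, one per line.
# The "Bag Attributes" text that openssl pkcs12 writes between blocks is skipped.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# check_tls_file ROLE FILE  (ROLE: cert, ca or key). Returns 0 if FILE fits the role.
check_tls_file() {
    role=$1; file=$2
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    labels=$(pem_labels "$file")
    [ -n "$labels" ] || { echo "$file: no PEM block found" >&2; return 1; }
    case $role in
    cert|ca)
        # Only certificates may appear; a key block means the files were mixed up.
        if echo "$labels" | grep -qv '^CERTIFICATE$'; then
            echo "$file: contains a non-certificate block" >&2; return 1
        fi ;;
    key)
        # Exactly one block: the combined pkcs12 output (key + cert) is rejected.
        [ "$(echo "$labels" | grep -c .)" -eq 1 ] ||
            { echo "$file: expected exactly one PEM block" >&2; return 1; }
        case $labels in
        "PRIVATE KEY"|"RSA PRIVATE KEY") ;;   # written by the openssl rsa step
        *) echo "$file: '$labels' is not an unencrypted private key" >&2; return 1 ;;
        esac
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$file"; then
            echo "$file: key is still pass-phrase protected" >&2; return 1
        fi
        # The key is stored in clear text, so group and others must have no access.
        perms=$(ls -ld "$file" | cut -c5-10)
        [ "$perms" = "------" ] || { echo "$file: mode too open ($perms)" >&2; return 1; }
        ;;
    *) echo "unknown role: $role" >&2; return 2 ;;
    esac
}

# Constructed sample files with dummy bodies (not real keys), shaped like the
# outputs of the three openssl commands above.
make_samples() {
    printf '%s\n' 'Bag Attributes' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'QUJD' \
        '-----END ENCRYPTED PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' 'REVG' \
        '-----END CERTIFICATE-----' > "$1/bundle.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'QUJD' '-----END RSA PRIVATE KEY-----' > "$1/priv.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'REVG' '-----END CERTIFICATE-----' > "$1/chain.pem"
    chmod 600 "$1/priv.pem"
}
```

On the Raspberry, source the file and call `check_tls_file key` on 22112211_priv.pem, `check_tls_file cert` on 22112211_chain.pem and `check_tls_file ca` on the CA file; a non-zero return code comes with the reason on stderr.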

The node-RED modelling

In the MQTT node we start by configuring the connection to the IoT service.

We add a new “MQTT Broker”:

Enter the required data and create a new “tls-config”:

Specify the path to our “PEM” files on the “RPI”:

If we now deploy the flow we can see that our “MQTT” node is successfully connected to IoT service:

We can also see in the IoT service that we are now connected.


Time to connect our TI Sensortag:

For this we add the “sensorTag” node to our flow and define the required data:

Finally we create two little functions which collect the measurements (Air Temperature and Luminosity) from the “TI Sensor Tag” and send the data in the right format to the IoT service:

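// Function node 1: forward the temperature reading (msg.payload.object) as measure 1
if (typeof msg.payload.object !== "undefined") {
    msg.payload = {"measureIds": 1, "values": msg.payload.object, "logNodeAddr": "1"};
    return msg;
}

// Function node 2: forward the luminosity reading (msg.payload.lux) as measure 4
if (typeof msg.payload.lux !== "undefined") {
    msg.payload = {"measureIds": 4, "values": msg.payload.lux, "logNodeAddr": "1"};
    return msg;
}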

We now connect our nodes and as a result have this easy and simple flow:


Check what happens in IoT service

If we go back to IoT service and press the “Real-Time Measures” widget we can hopefully see our “live data”:

And yeah, whoot! ... our data is now visible in the IoT service ;o)

Please refer to the official documentation for more details.

If we go back to our initial screen we now have a working flow from the device to the IoT service via the Raspberry Pi:

In the next blog I will explain how we can create a device via the API of the IoT service.






  1. Marco Lampe

    These things with the certificates should be explained a little bit more. Generated certificates and the used certificates in the screenshot do not fit together.

    1. Fabian Lehmann Post author

      hi marco,


      ok i´ve seen you mean this step?

      openssl rsa -in 22112211.pem -out 22112211_nopass.pem

      I´ve corrected it now to the right name:

      openssl rsa -in 22112211.pem -out 22112211_priv.pem





