Xcel Energy ITron Gen 5 Riva

I read through the spec and put together the proper commands to generate your own certificate.

openssl req -x509 -nodes -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -keyout key.pem -out cert.pem -sha256 -days 1094 -subj '/CN=MeterReaderHanClient' -addext "certificatePolicies = critical,1.3.6.1.4.1.40732.2.2" -addext "keyUsage = critical,digitalSignature"

This will give you cert.pem and key.pem valid for just under 3 years (which is the maximum valid length).

The LFDI is the first 40 characters of the SHA256 signature.

openssl x509 -noout -fingerprint -SHA256 -inform pem -in cert.pem | sed -e 's/://g' -e 's/SHA256 Fingerprint=//g' | cut -c1-40

I added this LFDI to my devices in Xcel and the certificates worked a few seconds later.

Currently have it pulling in on my Energy dashboard with:

sensor:
  - platform: command_line
    unique_id: xcel_meter_power
    name: "Smart Electric Meter Power"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://192.168.1.39:8081/upt/1/mr/1/r --cert /config/c.pem --key /config/k.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "W"
#    device_class: 'power'
    scan_interval: 5
    command_timeout: 5

  - platform: command_line
    unique_id: xcel_meter_consumption
    name: "Smart Electric Meter Consumption"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://192.168.1.39:8081/upt/1/mr/3/r --cert /config/c.pem --key /config/k.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "kWh"
    value_template: "{{ value | multiply(0.001) | round(3)}}"
#    device_class: 'energy'
#    state_class: 'total_increasing'
    scan_interval: 5
    command_timeout: 5

homeassistant:
  customize:
    sensor.smart_electric_meter_consumption:
      device_class: energy
      state_class: total_increasing
    sensor.smart_electric_meter_power:
      device_class: power
      state_class: measurement
4 Likes

@pdubs10

I used your earlier method of generating certs and Xcel Energy launchpad devices. I haven’t heard back from xcel yet so I don’t know if it works or not.

I’m going to try your new method, but I’m trying to get @SergeantScar 's LFDI working.

I posted a message just above yours. I can ssh into home assistant to execute these commands to get watts and kWh. But when I try to execute the same commands in configuration.yaml, I get an error that says Command failed (with return code 1): /usr/bin/curl

I don’t know why it doesn’t work. It looks just like yours.

[core-ssh ~]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>'  2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'
863
[core-ssh ~]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/3/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'
10722340
[core-ssh ~]$

configuration.yaml file:

sensor:
  - platform: command_line
    name: "Smart Electric Meter Power"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "W"
    #device_class: 'power'
    scan_interval: 5
    command_timeout: 5

  - platform: command_line
    name: "Smart Electric Meter Consumption"
    command: "/usr/bin/curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/3/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem 2>&1 | grep -o '<value>.*</value>' | grep -Eo '[0-9]+'"
    unit_of_measurement: "kWh"
    value_template: "{{ value | multiply(0.001) | round(3)}}"
    #device_class: 'energy'
    #state_class: 'total_increasing'
    scan_interval: 5
    command_timeout: 5

Remove /root

That fixed it!!!

Thank you very much!!

I’ve spent two days googling and trying to figure this out.

Awesome, thank you, will backup my certs and give this a shot when I have a chance.

@pdups10,

The cut needs to be 18-58 to get past SHA1 Fingerprint= and leave you the 40 character fingerprint.
Can you edit it.

openssl x509 -noout -fingerprint -inform pem -in cert.pem | sed -e ‘s/://g’ -e ‘s/SHA256 Fingerprint=//g’ | cut -c18-58

Looks like some slight difference between openssl/libressl versions. Added the -SHA256 arg.

openssl x509 -noout -fingerprint -SHA256 -inform pem -in cert.pem | sed -e 's/://g' -e 's/SHA256 Fingerprint=//g' | cut -c1-40

Yes, I noticed that just now. Its a SHA1 instead of SHA256.

Your scripts make it simple and easy. Thanks!!

I uploaded to my new LFDI to xcel devices and it worked.

I fetched with @SergeantScar 's LFDI (first cURL below) and my own certs and LFDI (second cURL below)

[core-ssh xcelcerts]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/cert.pem --key /root/config/xcelcerts/key.pem
<Reading
     xmlns="urn:ieee:std:2030.5:ns"
     href="/upt/1/mr/1/r">
    <qualityFlags>01</qualityFlags>
    <timePeriod>
        <duration>1</duration>
        <start>1676307749</start>
    </timePeriod>
    <value>742</value>
</Reading>
[core-ssh xcelcerts]$ curl --ciphers ECDHE-ECDSA-AES128-CCM8 --insecure --url https://10.0.0.226:8081/upt/1/mr/1/r --cert /root/config/xcelcerts/myown/cert.pem --key /root/config/xcelcerts/myown/key.pem
<Reading
     xmlns="urn:ieee:std:2030.5:ns"
     href="/upt/1/mr/1/r">
    <qualityFlags>01</qualityFlags>
    <timePeriod>
        <duration>1</duration>
        <start>1676307760</start>
    </timePeriod>
    <value>745</value>
</Reading>
[core-ssh xcelcerts]$ 

I’ve been trying to get this up and running for the last couple days. I added my meter to my wifi network, found it on my controller, and locked it to a certain AP because it kept finding a further away one rather than a closer one with a better signal. It has now been on the network for 17hrs and I’ve generated a pair of keys and added it as an LFDI to my Xcel account, but cannot get any response from the meter on my network. I also don’t get a ping response from the meter either.

If I can get it up and running I’m looking at making a container to use the mDNS functionality to make it easier to find the meter and automate the process a bit more. Then I want to convert the API outputs from the meter and broadcast them via MQTT to more easily integrate the messages into HomeAssisstant.

This post is very helpful, but the homeassistant.customize isn’t working for me, or at least it is not showing up in my energy dashboard.

So the Xcel site shows my meter is “Ready to Go” and I can see its IP on my network. However, I cannot seem to get the website to accept the registration. I have an LFDI based on pdubs10’s latest message, but I just keep getting an unsuccessful message. Does anybody have any thoughts?

UPDATE this appears to have been a temporary issue with the site.

I believe something is incorrect with my registration based on comments in this thread, but could someone confirm? I wasn’t ever prompted to set up my WIFI network when registering my meter and attempting to add a new device (using the LFID/certs above or generating my own) doesn’t work because I’m never prompted for the certificate itself. Am I missing a step or does something look incorrect?

Anyone else getting this error when trying to log into the Energy Launchpad?

Without changing anything with my registration, keys, LFDI, etc. I just received a new error message:

curl: (35) OpenSSL/3.0.8: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

I’ll have to look into it later, but thats a lot more promising that zero response from the meter. Looks like registration might be taking a little longer right now?

I had that originally, I believe either incognito mode or deleting all of the cookies for that site fixed it for me.

Similar situation in Minneapolis. Did this ever update?

@zakn You may need the openssl.cnf mentioned here: Xcel Energy ITron Gen 5 Riva - #57 by Webstas

I’m having the same issue. When I logged into launchpad a few days ago I was prompted to input my wifi network information and noticed the note that it only supported 2.4ghz. In the couple days it took me to get a 2.4ghz access point and set it up, it appears that something has gone wrong on xcel’s side. I’m now not able to bring up the wifi information screen. I tried calling the support number listed on that page and the xcel rep had absolutely no idea what I was talking about.

Xcel has been quite responsive for me at [email protected].

I had the same experience calling 4 different times. I haven’t been able to find an email addresses, I’m going to email the one @pdubs10 listed and see if they can assist.