Certificates

Overview

Certificates secure device communication through data encryption and other methods. They also serve as an authentication mechanism, ensuring that only approved devices connect with IoTConnect and access further functions.

A certificate authority (CA) issues a certificate. CAs exist to certify the ownership of a public key in each certificate. A CA certificate authenticates the CA signature on the certificates that the CA issues.

A CA hierarchy establishes a chain of trust (or certification path) in which each entity signs the entity below it in the chain. The root CA is self-signed. For a certificate to be trusted, the validation endpoint must recognize the root CA as a trusted root CA.

How certificates work with devices

  • While creating a Template, you will be asked for the Authentication Type. Select CA-Signed Certificate.
  • When selecting this template during device creation, you must pick CA-Signed Certificate.
  • AWS IoT Core will generate a client certificate and assign it to the selected device.
  • This client certificate will be mapped against the CA-Signed Certificate.
  • A .PEM file will be created, which you can include with the device as part of its firmware.
  • Matching the CA-Signed and Client certificates will ensure the connection between the device and IoTConnect. Without this matching, IoTConnect will not connect the device.

Create a CA certificate

Prerequisites

Get your certificate signed by a non-Amazon CA

This process registers a certificate from a non-Amazon CA. To complete this procedure, you need the CA certificate, its private key file, and OpenSSL installed on your computer.

Obtain a verification certificate

To prove that you’re authorized to register the CA with AWS IoT, you must create a verification certificate on your system using the CA certificate’s private key. This securely demonstrates ownership without risking your sensitive private key.
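One way to produce and sanity-check the verification certificate with OpenSSL, as an added example that is not IoTConnect's or AWS's own code. It assumes the AWS IoT Core convention that the verification certificate's Common Name is the registration code issued for your account; this page does not say where IoTConnect shows that code, so the code value, the file names and the throwaway demo CA are constructed placeholders.

```shell
#!/bin/sh
# Added example (not IoTConnect or AWS code). File names and the code value are assumptions.

# make_demo_ca DIR: throwaway CA so the example runs offline (constructed data).
# With a real CA, skip this and point the functions below at your own files.
make_demo_ca() {
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$1/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=Constructed Demo CA" -keyout "$1/ca.key" -out "$1/ca.pem" \
    -days 30 2>/dev/null
}

# make_verification_cert CA_CERT CA_KEY REG_CODE OUT_DIR
# The CA private key signs locally and is never uploaded.
make_verification_cert() {
  openssl genrsa -out "$4/verification.key" 2048 2>/dev/null || return 1
  openssl req -new -key "$4/verification.key" -subj "/CN=$3" \
    -out "$4/verification.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$4/verification.csr" -CA "$1" -CAkey "$2" \
    -CAcreateserial -sha256 -days 30 -out "$4/verification.pem" 2>/dev/null
}

# check_verification_cert CA_CERT VERIFICATION_CERT REG_CODE
# Pre-upload check: signature chains to the CA and the CN is the expected code.
check_verification_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  openssl x509 -in "$2" -noout -subject -nameopt RFC2253 | grep -q "CN=$3\$"
}

run_demo() {
  dir=$(mktemp -d) || return 1
  code="constructed-registration-code"   # placeholder, not a real code
  make_demo_ca "$dir" &&
    make_verification_cert "$dir/ca.pem" "$dir/ca.key" "$code" "$dir" &&
    check_verification_cert "$dir/ca.pem" "$dir/verification.pem" "$code" &&
    echo "verification.pem is signed by ca.pem and carries CN=$code"
  status=$?
  rm -rf "$dir"
  return $status
}

run_demo
```

Only `ca.pem` and `verification.pem` are uploaded; `ca.key` stays on the machine that signed the verification certificate.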

To create a certificate

  1. From the left navigation, hover over the Devices module. Click Overview or Certificates.
  2. If you chose Certificates from the dropdown, select CA Certificate toward the top right.
  3. Enter data in the following fields:

(Screen: Create CA Certificate)

    • Name: Enter the display name for a CA certificate.
    • Upload: Upload the CA certificate. IoTConnect accepts only .pem files. IoTConnect will share the AWS account ID and Unique Verification Certificate with AWS IoT Core. In turn, AWS will verify the certificate.
    • Upload Verification Certificate: Upload the provided verification certificate.
  4. Select Save to create a CA certificate.

Required fields are marked with a red asterisk at the upper right of the field name.

The certificate list will reflect your certificate.

Certificate List

To view the certificate list:

  1. From the left navigation, hover over the Devices module. Click Certificates from the dropdown.
  2. The certificate list displays the certificate name, origin, reference ID, status, etc.

    (Screen: Certificate List)

    • Name: Name of the certificate entered while creating a certificate.
    • Origin: Describes the certificate origin.
    • Reference ID: Shows the reference ID of a certificate.
    • Status: There are three types of status: Pending, Verified and Expired.
    • Expiry Date: Expiry date of the certificate.
    • Created By: Name of the user who created it.
    • Created Date: The date on which the certificate was created.
    • Actions: Delete the certificate.

Certificates Filter

  1. Apply the filter from the top-right corner of the certificate list.
  2. Add filters like name and status by selecting the + icon.
  3. Pending status is a default certificate filter when you create a certificate. You can remove that filter anytime or add more filters.

    (Screen: Certificates Filter)

IoTConnect offers two filters for certificates. Apply any filter and enter the required keywords and/or select the option to retrieve matching results in the certificates list. Click Apply Filter to apply it.

Delete a certificate

To delete a certificate:

  1. Select the Delete icon from the Actions lane.
  2. A dialog box titled Delete appears.

    (Screen: Delete Certificate)

  3. Click Ok to delete a certificate.