IoT Platform allows you to use a digital certificate to authenticate the devices that are connected to IoT Platform. To use a digital certificate, you must apply for a certificate from a certificate authority (CA) and register the certificate on IoT Platform. Then, you can issue a device certificate to a device and associate the device certificate with the device. This topic describes how to register a CA certificate and associate the certificate with a device on IoT Platform.
Prerequisites
To use a private CA certificate for device authentication, you must create a product and set Authentication Mode to X.509 Certificate and Use Private CA Certificate to Yes.
Limits
- Private CA certificates are applicable only to devices that are directly connected to IoT Platform based on the MQTT protocol.
- Private CA certificates are supported only in the China (Shanghai) region.
- Private CA certificates are not applicable to products that use LoRaWAN as the network connection mode.
- Private CA certificates support only device certificates that are signed by using the RSA algorithm.
- Each Alibaba Cloud account can register up to 10 CA certificates.
Register a CA certificate
Obtain the serial number (SN) of a device certificate
You must issue a device certificate to each device and obtain the SN of each device certificate.
- The SN of each device certificate must be unique among the device certificates that are issued by the same user.
- After a device certificate is issued, you must record the SN of the device certificate. The SN is required when you associate the device certificate with the device that is connected to IoT Platform.
The following table describes the format requirements of the device certificate.
Device certificate | Each device certificate file must meet the following format requirements:
Private key of the device certificate | The private key of each device certificate must meet the following format requirements:
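The issuing step described above can be sketched with the openssl CLI. This is an added example, not code from the IoT Platform documentation: it creates a test CA, issues an RSA-signed device certificate with an explicit SN, refuses a duplicate SN, and reads back the SN and the CA subject. The subjects, file names and the issued_serials.txt ledger are hypothetical, and the output files use openssl defaults, so check them against the format requirements in the table.

```shell
#!/bin/sh
# Added example. Subjects, file names and the ledger file are hypothetical.

# make_ca DIR: create a self-signed RSA CA (ca.key, ca.crt) in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/O=Example Corp/CN=Example Private CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# new_serial: 16-byte hex serial; the fixed 01 prefix avoids a leading zero byte.
new_serial() {
    printf '01%s\n' "$(openssl rand -hex 15 | tr 'a-f' 'A-F')"
}

# issue_device_cert DIR NAME SERIAL_HEX: issue NAME.crt signed by the CA in DIR.
# Refuses a serial already listed in DIR/issued_serials.txt (SNs must be unique).
issue_device_cert() {
    cdir=$1; cname=$2; csn=$(printf '%s' "$3" | tr 'a-f' 'A-F')
    if grep -qx "$csn" "$cdir/issued_serials.txt" 2>/dev/null; then
        echo "serial $csn already issued" >&2
        return 1
    fi
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$cname" \
        -keyout "$cdir/$cname.key" -out "$cdir/$cname.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$cdir/$cname.csr" -CA "$cdir/ca.crt" \
        -CAkey "$cdir/ca.key" -set_serial "0x$csn" -sha256 -days 365 \
        -out "$cdir/$cname.crt" 2>/dev/null || return 1
    echo "$csn" >> "$cdir/issued_serials.txt"   # record the SN for later association
}

# cert_serial FILE: print the certificate SN as uppercase hex.
cert_serial() {
    openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# cert_sig_is_rsa FILE: succeed only if the certificate was signed with RSA.
cert_sig_is_rsa() {
    openssl x509 -in "$1" -noout -text | grep 'Signature Algorithm' | grep -qi 'rsa'
}

# Demo in a throwaway directory.
work=$(mktemp -d)
make_ca "$work"
issue_device_cert "$work" device-001 "$(new_serial)"
openssl x509 -in "$work/ca.crt" -noout -subject      # CA certificate subject
echo "device SN: $(cert_serial "$work/device-001.crt")"
openssl verify -CAfile "$work/ca.crt" "$work/device-001.crt"
rm -rf "$work"
```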
Associate the SN of the device certificate with the device
After you register a CA certificate, you must associate the SN of the device certificate with the device information on IoT Platform. The device information includes the ProductKey and DeviceName.
Connect a device to IoT Platform
When you develop a device that uses a private CA certificate for device authentication, you do not need to specify the ProductKey or DeviceName of the device. You need to specify only the subject of the CA certificate and the SN of the device certificate. When the device connects to IoT Platform, IoT Platform authenticates the connection based on the subject of the CA certificate and the SN of the device certificate. If the connection is authenticated, IoT Platform sends the ProductKey and DeviceName to the device. For more information about how to configure a device, see Use X.509 certificates to authenticate devices.