If you use this solution, devices send requests to the cloud server of a device manufacturer to retrieve certificates (ProductKey, DeviceName, and DeviceSecret) after the devices are powered on and connected to networks. You do not need to burn device certificates on the devices. This topic describes how to configure the cloud server of a device manufacturer.
For more information about the solutions that can be used to retrieve device certificates, see Overview.
How it works
If you use this solution, you must deploy a certificate distribution server and develop the corresponding server-side API operation and tables to handle device requests to retrieve device certificates.
When the certificate distribution server receives a request from a device to retrieve a certificate, it calls the API operation. The API operation queries the device information table based on the device ID that is specified in the request, and then performs one of the following operations based on the query result:
Returns an error message if the device ID is not found in the table. The error message indicates that the device is invalid.
Returns a device certificate if the device ID is found in the table and the corresponding certificate exists.
Calls the RegisterDevice operation of IoT Platform to register the device and returns a device certificate if the device ID is found in the table but the corresponding certificate does not exist.
After the certificate is retrieved, the device can use the certificate to connect to IoT Platform.
The following figure shows the process.
Devices must be able to automatically retrieve the IP address and connect to your certificate distributor.
You can develop the certificate distributor based on your business requirements.
You must ensure the security and reliability of the connections from devices to the certificate distributor.
Server-side API operation
The following section describes how to develop the API operation.
Request parameters
Parameter | Description |
deviceId | The ID of the device. You can specify a MAC address or serial number (SN) for this parameter. |
Response parameters
Parameter | Description |
productKey | The ProductKey in the device certificate that is issued by IoT Platform. |
deviceName | The DeviceName in the device certificate that is issued by IoT Platform. |
deviceSecret | The DeviceSecret in the device certificate that is issued by IoT Platform. |
Device information table
The following section describes how to create the device information table.
Table properties
Table property | Recommended value |
Table name | device_table |
Time to live (TTL) | -1 |
Maximum data version | 1 |
Maximum version offset | 86400 |
Primary key | deviceId. The field is of the STRING type and can also be a partition key. |
Fields
Field | Description |
deviceId | The ID of the device. You can specify a MAC address or serial number (SN) for this parameter. |
registerTime | The time when the device was registered. |
activateTime | The time when the device was activated. |
productKey | The ProductKey in the device certificate that is issued by IoT Platform. |
deviceName | The DeviceName in the device certificate that is issued by IoT Platform. |
deviceSecret | The DeviceSecret in the device certificate that is issued by IoT Platform. |
IotId | The device ID. The ID is a unique identifier that is issued by IoT Platform to the device. |
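
The business logic from "How it works", written against the fields of the device information table. This is an added example, not code from IoT Platform or its SDK. It assumes that an in-memory dict stands in for device_table, that `register_device` is a hypothetical wrapper around the RegisterDevice operation, that the deviceId is reused as the DeviceName, and that the sample IDs and the `pk-example` ProductKey are constructed values.

```python
import secrets
import time

CERT_FIELDS = ("productKey", "deviceName", "deviceSecret")

class InvalidDevice(Exception):
    """The deviceId is not present in the device information table."""

def get_device_certificate(device_id, device_table, register_device, product_key):
    """Apply the three lookup outcomes to one certificate request.

    device_table: dict keyed by deviceId, standing in for device_table.
    register_device: hypothetical wrapper around RegisterDevice that returns
    productKey, deviceName, deviceSecret and IotId for the new device.
    """
    row = device_table.get(device_id)
    if row is None:
        # Outcome 1: ID not found, so the device is invalid.
        raise InvalidDevice(device_id)
    if all(row.get(f) for f in CERT_FIELDS):
        # Outcome 2: certificate already stored; return it unchanged.
        return {f: row[f] for f in CERT_FIELDS}
    # Outcome 3: known ID without a certificate: register, persist, return.
    # Assumption: the deviceId doubles as the DeviceName.
    issued = register_device(product_key, device_id)
    row.update({f: issued[f] for f in CERT_FIELDS})
    row["IotId"] = issued["IotId"]
    row["registerTime"] = int(time.time())
    return {f: row[f] for f in CERT_FIELDS}

def fake_register_device(product_key, device_name):
    """Constructed stand-in; a real server calls RegisterDevice here."""
    fake_register_device.calls += 1
    return {"productKey": product_key, "deviceName": device_name,
            "deviceSecret": secrets.token_hex(16), "IotId": secrets.token_hex(8)}

fake_register_device.calls = 0

if __name__ == "__main__":
    # Constructed table: one provisioned device ID with no certificate yet.
    table = {"SN-0001": {"deviceId": "SN-0001"}}
    first = get_device_certificate("SN-0001", table, fake_register_device, "pk-example")
    again = get_device_certificate("SN-0001", table, fake_register_device, "pk-example")
    print(first == again, fake_register_device.calls)
    try:
        get_device_certificate("SN-9999", table, fake_register_device, "pk-example")
    except InvalidDevice as exc:
        print("rejected", exc)
```

Persisting the issued certificate before returning it keeps repeated requests from the same device on the stored-certificate path, so RegisterDevice is called once per device. The response carries the DeviceSecret, so this handler belongs behind the secured device-to-distributor connection that the page requires.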