Create device credentials
To create device credentials, you must generate the following certificates:
CA root certificate
CA intermediate certificate
Device certificate
Generate a CA root certificate
Note
Make sure that you have exported the right resource group name as $RESOURCE_GROUP. By default, it is set to nrfassettracker.
To create a CA root certificate and register it with the Azure IoT Device Provisioning Service, run the following command:
node cli create-ca-root
Note
The default lifetime for root CA certificates is 1 year.
Run node cli create-ca-root --help to learn how to customize the lifetime.
Do not share the CA root certificate. The number of CA root certificates is typically very small, and the minimum number of certificates required is one.
Provide the proof of your ownership of the CA with the following command:
node cli proof-ca-root-possession
Note
If you see the error "A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.", confirm that your system clock is accurate.
Generate a CA intermediate certificate
To create a CA intermediate certificate and an enrollment group for it, run the following command:
node cli create-ca-intermediate
Note
The default lifetime for intermediate CA certificates is 1 year.
Run node cli create-ca-intermediate --help to learn how to customize the lifetime.
You can share the CA intermediate certificate with the factory. You will have multiple intermediate certificates over time.
Generate a device certificate
You can use the CLI to generate a certificate for your device.
The firmware will use the IMEI of the device as the MQTT client ID.
You can get the IMEI of your device using the AT command AT+CGSN.
The IMEI is also typically printed on a sticker on the device.
The following is the output of the command:
# AT+CGSN
352656100248049 OK
Use the IMEI when generating the certificate:
node cli create-device-cert -d "imei"
Note
The default lifetime for device certificates is 30 years.
Run node cli create-device-cert --help to learn how to customize the lifetime.
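The following shell sketch is an added example, not part of the CLI described here: it pulls the IMEI out of a pasted AT+CGSN response and checks its length and Luhn check digit before building the create-device-cert command, so a mistyped IMEI is caught before it ends up in a device certificate. The function names are hypothetical; the sample response is the one shown above.

```shell
#!/bin/sh
# Added example (hypothetical helper names): check an IMEI before it is
# passed to "node cli create-device-cert -d".

# Print the first run of exactly 15 digits found in a raw AT+CGSN response.
extract_imei() {
    printf '%s\n' "$1" | tr -c '0-9' '\n' | grep -x '[0-9]\{15\}' | head -n 1
}

# Return 0 if $1 is 15 digits and its last digit is a correct Luhn check digit.
imei_valid() {
    candidate=$1
    case $candidate in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#candidate}" -eq 15 ] || return 1
    sum=0
    pos=1
    while [ "$pos" -le 15 ]; do
        digit=$(printf '%s' "$candidate" | cut -c "$pos")
        # With 15 digits, every even position (from the left) is doubled.
        if [ $((pos % 2)) -eq 0 ]; then
            digit=$((digit * 2))
            if [ "$digit" -gt 9 ]; then digit=$((digit - 9)); fi
        fi
        sum=$((sum + digit))
        pos=$((pos + 1))
    done
    [ $((sum % 10)) -eq 0 ]
}

# Print the create-device-cert command for a modem response, or fail.
device_cert_command() {
    imei=$(extract_imei "$1")
    if ! imei_valid "$imei"; then
        echo "no valid IMEI found in modem response" >&2
        return 1
    fi
    printf 'node cli create-device-cert -d "%s"\n' "$imei"
}

# Modem response as shown in the output above.
sample_response='# AT+CGSN
352656100248049 OK'
device_cert_command "$sample_response"
```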