How to register a private CA certificate on the Internet of Things platform
1. Preface
IoT IoT platform supports the use of private digital certificates for device access identity authentication. To use a private digital certificate, you need to complete the following operations:
① Register CA certificate on the Internet of Things platform,
② Bind the digital device certificate to the device identity.
This article describes how to register a private CA certificate on the Internet of Things platform and bind the device certificate to the device.
Restrictions
• Only MQTT directly connected devices can use private CA certificates.
• Currently, only East China 2 (Shanghai) supports the use of private CA certificates.
• When using a private CA certificate, only the device certificate signed by the RSA algorithm is supported.
• One AliCloud account can register up to 10 private CA certificates.
2. Register private CA certificate
2.1 Make private CA certificate
We use OpenSSL tools to create private CA certificates on Macs.
The command is as follows:
#Generate private CAs and keys, valid for 10 years
openssl req -new -x509 -days 3650 -keyout myIoTCARoot. key -out myIoTCARoot.crt
#View CA certificate
openssl x509 -noout -text -in myIoTCARoot.crt
Content of private CA certificate:
2.2 Production of validation certificate
When we register a private CA certificate, the IoT IoT platform requires us to upload a verification certificate created using the private key corresponding to the private CA certificate to prove that we have the private CA certificate.
View private certificate registration code
Log in to the IoT IoT platform console.
In the left navigation bar, select Device Management>CA Certificate.
On the CA Certificate Management page, click Register CA Certificate.
In the Register CA Certificate dialog box, obtain the registration code.
Validation certificate production
We also take OpenSSL as an example to create a verification certificate. The steps are as follows:
Generate verification certificate key
#Generate validation certificate
openssl genrsa -out verificationCert. key 2048
Generate validation certificate CSR, where Common Name should be filled in the private CA certificate registration code obtained from IoT console
#Generate validation certificate CSR
openssl req -new -key verificationCert. key -out verificationCert.csr
……
Common Name (e.g. server FQDN or YOUR name) []: *****7dc9a483ebbf7e6997b7b****
……
Create an authentication certificate using a CSR signed by the private CA certificate private key
#Use the private CA and key to issue the authentication certificate
openssl x509 -req -in verificationCert. csr -CA myIoTCARoot. crt -CAkey myIoTCARoot. key -CAcreateserial -out verificationCert. crt -days 300 -sha512
#View the content of the validation certificate
openssl x509 -noout -text -in verificationCert.crt
IoT IoT platform supports the use of private digital certificates for device access identity authentication. To use a private digital certificate, you need to complete the following operations:
① Register CA certificate on the Internet of Things platform,
② Bind the digital device certificate to the device identity.
This article describes how to register a private CA certificate on the Internet of Things platform and bind the device certificate to the device.
Restrictions
• Only MQTT directly connected devices can use private CA certificates.
• Currently, only East China 2 (Shanghai) supports the use of private CA certificates.
• When using a private CA certificate, only the device certificate signed by the RSA algorithm is supported.
• One AliCloud account can register up to 10 private CA certificates.
2. Register private CA certificate
2.1 Make private CA certificate
We use OpenSSL tools to create private CA certificates on Macs.
The command is as follows:
#Generate private CAs and keys, valid for 10 years
openssl req -new -x509 -days 3650 -keyout myIoTCARoot. key -out myIoTCARoot.crt
#View CA certificate
openssl x509 -noout -text -in myIoTCARoot.crt
Content of private CA certificate:
2.2 Production of validation certificate
When we register a private CA certificate, the IoT IoT platform requires us to upload a verification certificate created using the private key corresponding to the private CA certificate to prove that we have the private CA certificate.
View private certificate registration code
Log in to the IoT IoT platform console.
In the left navigation bar, select Device Management>CA Certificate.
On the CA Certificate Management page, click Register CA Certificate.
In the Register CA Certificate dialog box, obtain the registration code.
Validation certificate production
We also take OpenSSL as an example to create a verification certificate. The steps are as follows:
Generate verification certificate key
#Generate validation certificate
openssl genrsa -out verificationCert. key 2048
Generate validation certificate CSR, where Common Name should be filled in the private CA certificate registration code obtained from IoT console
#Generate validation certificate CSR
openssl req -new -key verificationCert. key -out verificationCert.csr
……
Common Name (e.g. server FQDN or YOUR name) []: *****7dc9a483ebbf7e6997b7b****
……
Create an authentication certificate using a CSR signed by the private CA certificate private key
#Use the private CA and key to issue the authentication certificate
openssl x509 -req -in verificationCert. csr -CA myIoTCARoot. crt -CAkey myIoTCARoot. key -CAcreateserial -out verificationCert. crt -days 300 -sha512
#View the content of the validation certificate
openssl x509 -noout -text -in verificationCert.crt
Related Articles
-
A detailed explanation of Hadoop core architecture HDFS
Knowledge Base Team
-
What Does IOT Mean
Knowledge Base Team
-
6 Optional Technologies for Data Storage
Knowledge Base Team
-
What Is Blockchain Technology
Knowledge Base Team
Explore More Special Offers
-
Short Message Service(SMS) & Mail Service
50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00
