
IoT Platform: Retrieve device certificates from the cloud server of a device manufacturer

Last Updated: Dec 12, 2023

If you use this solution, devices send requests to the cloud server of a device manufacturer to retrieve certificates (ProductKey, DeviceName, and DeviceSecret) after the devices are powered on and connected to networks. You do not need to burn device certificates on the devices. This topic describes how to configure the cloud server of a device manufacturer.

For more information about the solutions that can be used to retrieve device certificates, see Overview.

How it works

If you use this solution, you must deploy a certificate distribution server and develop the corresponding server-side API operation and tables to handle device requests to retrieve device certificates.

When the certificate distribution server receives a request from a device to retrieve a certificate, it calls the API operation. The API operation queries the device information table based on the device ID that is specified in the request, and then performs one of the following operations based on the query result:

  • Returns an error message if the device ID is not found in the table. The error message indicates that the device is invalid.

  • Returns a device certificate if the device ID is found in the table and the corresponding certificate exists.

  • Calls the RegisterDevice operation of IoT Platform to register the device and returns a device certificate if the device ID is found in the table but the corresponding certificate does not exist.

After the certificate is retrieved, the device can use the certificate to connect to IoT Platform.

The following figure shows the process.

Figure: Process by which a device retrieves its certificate

Note
  • Devices must be able to automatically retrieve the IP address and connect to your certificate distributor.

  • You can develop the certificate distributor based on your business requirements.

  • You must ensure the security and reliability of the connections from devices to the certificate distributor.

Server-side API operation

The following section describes how to develop the API operation.

  • Request parameters

    | Parameter | Description |
    | --- | --- |
    | deviceId | The ID of the device. You can specify a MAC address or serial number (SN) for this parameter. |

  • Response parameters

    | Parameter | Description |
    | --- | --- |
    | productKey | The ProductKey in the device certificate that is issued by IoT Platform. |
    | deviceName | The DeviceName in the device certificate that is issued by IoT Platform. |
    | deviceSecret | The DeviceSecret in the device certificate that is issued by IoT Platform. |

Device information table

The following section describes how to create the device information table.

Table properties

| Table property | Recommended value |
| --- | --- |
| Table name | device_table |
| Time to live (TTL) | -1 |
| Maximum data version | 1 |
| Maximum version offset | 86400 |
| Primary key | deviceId. The field is of the STRING type and can also be a partition key. |

Fields

| Field | Description |
| --- | --- |
| deviceId | The ID of the device. You can specify a MAC address or serial number (SN) for this parameter. |
| registerTime | The time when the device was registered. |
| activateTime | The time when the device was activated. |
| productKey | The ProductKey in the device certificate that is issued by IoT Platform. |
| deviceName | The DeviceName in the device certificate that is issued by IoT Platform. |
| deviceSecret | The DeviceSecret in the device certificate that is issued by IoT Platform. |
| IotId | The device ID. The ID is a unique identifier that is issued by IoT Platform to the device. |
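
The three-way business logic described under "How it works", written out with the request and response parameters and device_table fields listed above. This is an added example, not code from the original page or from IoT Platform. The in-memory dict standing in for device_table, the `register_device` callable standing in for the RegisterDevice call (and the keys it is assumed to return), the deviceId format check, and all sample values are assumptions.

```python
import re
import time

# Assumed deviceId format: a MAC address or an 8-32 character alphanumeric SN.
DEVICE_ID_RE = re.compile(r"(?:[0-9A-F]{2}(?::[0-9A-F]{2}){5}|[A-Z0-9]{8,32})")
CERT_FIELDS = ("productKey", "deviceName", "deviceSecret")


class InvalidDevice(Exception):
    """The deviceId is malformed or is not present in device_table."""


def get_device_certificate(device_id, device_table, register_device, product_key):
    """Return the certificate for device_id, registering it on first request.

    device_table: dict keyed by deviceId (hypothetical stand-in for the table).
    register_device: callable(product_key, device_name) standing in for the
        RegisterDevice call; assumed to return DeviceSecret and IotId.
    """
    device_id = str(device_id).strip().upper()
    if not DEVICE_ID_RE.fullmatch(device_id):    # reject before any lookup
        raise InvalidDevice("malformed deviceId")
    row = device_table.get(device_id)
    if row is None:                              # ID not in the table
        raise InvalidDevice("device is invalid")
    if not row.get("deviceSecret"):              # ID found, no certificate yet
        device_name = device_id.replace(":", "")  # assumed naming scheme
        result = register_device(product_key, device_name)
        # Persist the result so later requests do not register again.
        row.update(productKey=product_key, deviceName=device_name,
                   deviceSecret=result["DeviceSecret"], IotId=result["IotId"],
                   registerTime=int(time.time()))
    # Return only the three response parameters, never the whole row.
    return {field: row[field] for field in CERT_FIELDS}


# Constructed sample data: one device with a certificate, one without.
SAMPLE_TABLE = {
    "AA:BB:CC:00:00:01": {"productKey": "pk-example", "deviceName": "AABBCC000001",
                          "deviceSecret": "secret-example-1", "IotId": "iot-1"},
    "SN20231212A": {},
}


def fake_register_device(product_key, device_name):
    """Constructed stand-in for RegisterDevice; returns placeholder values."""
    return {"DeviceSecret": "secret-for-" + device_name,
            "IotId": "iot-" + device_name}
```
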