All Products
Search
Document Center

IoT Platform:Burn device certificates on devices

Last Updated:Nov 29, 2023

This topic describes the solutions that can be used to burn device certificates (ProductKey, DeviceName, and DeviceSecret) on devices. This solution requires a device manufacturer to identify how to transform production lines for devices.

For more information about the solutions that can be used to obtain device certificates, see Overview.

Make preparations

After a device manufacturer retrieves device certificates that are issued by IoT Platform, the device manufacturer must deploy a certificate distribution server, and develop the corresponding server-side API operations and device information tables to distribute device certificate information.

For more information about how to deploy a certificate server, see Retrieve device certificates from the cloud server of the corresponding device manufacturer.

Burn device certificates

Programmers, burners, or devices can request device certificates from the certificate distribution server. Then, the device certificates can be burned to device chips, NVRAM, or flash memory.

Two certificate burning methods are available. You can select a burning method based on your business requirements. The following figure shows the procedure.

烧录证书流程

Use programmers or burners to burn device certificates.

You must modify the existing programmers or burner programs. Use personal computers to request device certificates from the certificate distributor and then use programmers or burners to burn the certificates on chips or devices.

If you use this solution, multiple burners or programmers must be deployed on a production line to burn certificates. You can increase or decrease the number of burners or programmers based on the scale of device production.

A device writes a device certificate to NVRAM or flash memory.

You must configure device firmware to automatically detect whether valid certificates exist after devices are powered on. If no invalid certificates exist, the devices apply for certificates from the certificate distributor and then write the certificates to the NVRAM or Flash.

If you use this method, you do not need to deploy burners or programmers on your production line. In addition, multiple devices can apply for certificates from the certificate distributor at the same time.