Updated on 2024-11-06 GMT+08:00

MQTT(S) Certificate Authentication

Introduction

MQTT(S) certificate authentication requires you to first upload a device CA certificate on the console. You then register the device, either by calling the API for creating a device or on the console, to obtain the device ID. When the device accesses the IoT platform, it presents its X.509 certificate, a digital certificate used to authenticate the communicating entity.

Constraints

  • Only MQTT devices can use X.509 certificates for identity authentication.
  • You can upload up to 100 device CA certificates.

Procedure

Figure 1 MQTT(S) certificate authentication process
  1. A user uploads a device CA certificate on the IoTDA console.
  2. An application calls the API for creating a device to register a device. Alternatively, a user uses the IoTDA console to register a device.

    During registration, use the MAC address, serial number, or IMEI of the device as the node ID.

  3. The platform allocates a globally unique device ID to the device.

  4. During login, the device sends a connection request carrying the X.509 certificate to the platform.
  5. If the authentication is successful, the platform returns a success message, and the device is connected to the platform.
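
A local pre-flight check for steps 1 and 4, added here as an example (not Huawei Cloud's code): it creates a constructed device CA with OpenSSL, issues device certificates, and confirms that only the certificate signed by the CA you intend to upload verifies. All names and paths are placeholders. It assumes the platform's check includes chain validation against the uploaded CA, which this page does not spell out.

```shell
# Constructed example: CA names, device names and paths are placeholders.
# Minimal req config so the run does not depend on the system openssl.cnf.
write_cnf() {
cat > "$1" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

make_ca() {  # make_ca DIR NAME: self-signed CA key and certificate
    openssl req -x509 -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

issue_device_cert() {  # issue_device_cert DIR CA_NAME DEVICE_NAME
    openssl req -new -config "$1/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

chains_to_ca() {  # chains_to_ca CA_CERT DEVICE_CERT: status 0 if the chain is valid
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {  # prints the verdict for a device cert from the uploaded CA, then from another CA
    d=$(mktemp -d) || return 1
    write_cnf "$d/req.cnf"
    make_ca "$d" uploaded-ca && make_ca "$d" other-ca &&
    issue_device_cert "$d" uploaded-ca device-a &&
    issue_device_cert "$d" other-ca device-b || { rm -rf "$d"; return 1; }
    chains_to_ca "$d/uploaded-ca.crt" "$d/device-a.crt" && r1=accept || r1=reject
    chains_to_ca "$d/uploaded-ca.crt" "$d/device-b.crt" && r2=accept || r2=reject
    rm -rf "$d"
    echo "$r1 $r2"
}

demo
```

Running `chains_to_ca` against your real CA and device certificate files before provisioning catches a device certificate issued by the wrong CA without needing a failed login to reveal it.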