Updated on 2024-04-29 GMT+08:00

Device Self-Registration

Overview

For security, devices can connect to IoTDA only after their basic information (such as the device ID and authentication information) is registered on the platform. You can register a device on the platform manually or use self-registration templates, with which the device information is automatically registered when the device connects to the platform for the first time. This section describes how to use certificates and server name indication (SNI) to implement device self-registration.

Figure 1 Service flow

Scenarios

  • Common scenarios: With self-registration, devices are registered automatically using their device certificates, without device provisioning.
  • IoV: With self-registration, head units can go online immediately upon starting, simplifying application development.
  • Large enterprise customers: With self-registration, customers who have purchased multiple IoTDA instances do not need to register and provision devices under each instance separately in advance.

Constraints

  • A maximum of 10 self-registration templates can be created for an account.
  • To use the device self-registration function, the device must use TLS and enable the SNI extension. The SNI must carry the domain name allocated by the platform. You can obtain the domain name by choosing Overview and clicking Access Details.
  • Currently, this function supports only bidirectional MQTTS certificate authentication.

Procedure

  1. Access the IoTDA service page and click Access Console.
  2. Create a self-registration template. In the navigation pane, choose Devices > Self-Registration Template, and click Create Template. You can bind policies to devices in the template in advance. For details about how to use device policies, see Device Topic Policies. Set the node ID and product ID (mandatory). Set the device ID to the value of Username in the MQTT connection parameters. The product must be created on the platform in advance.

    Figure 2 Creating a template

    The platform predefines the parameters that can be declared and referenced in the template, as shown below. The certificate must contain the parameters referenced in the template.

    • iotda::certificate::country: country
    • iotda::certificate::organization: organization
    • iotda::certificate::organizational_unit: department
    • iotda::certificate::distinguished_name_qualifier: distinguished name
    • iotda::certificate::state_name: province/state
    • iotda::certificate::common_name: common name
    • iotda::certificate::serial_number: serial number

  3. Create a device certificate by referring to Registering a Device Authenticated by an X.509 Certificate. Upload the CA certificate to the platform, verify the certificate, bind the self-registration template created in step 2, and enable the self-registration function.

    Figure 3 Binding a template

    The device to register and its CA certificate must be in the same resource space. Ensure that the CA certificate and the product corresponding to the product ID in the template are in the same resource space.

  4. In the navigation pane, choose Devices > CA Certificates, click Debug to upload the device certificate created in step 3, and check whether the pre-parsed device information is as expected.

    Figure 4 Debugging a certificate

Verification

  1. Use the MQTT.fx tool to simulate a device connecting to the platform for the first time and being registered automatically. Set the client ID by referring to Connection Parameters. Set User Name to the device ID registered in the platform. Password is not required. Obtain the CA certificate of the platform by referring to Certificates. After the connection is successful, view the registered device information on the platform.
    Figure 5 Connection parameters
    Figure 6 Certificate information
  2. After the connection is successful, you can find the self-registered device in the device list on the console.
    Figure 7 Device self-registration information