Device Self Provision a Certificate

The following describes how a device can acquire an AWS IoT certificate and associate the certificate with a Foundry device.



Step 1: Getting a Certificate and Private key for a Device.


This API call generates an inactive certificate without policy.

GET /foundry/certificates/generate


Request parameters:

If you include a "topics" parameter in the request query parameters, Foundry will activate the certificate immediately (ex. ["1/#/1","test/+/+/1","1/2/3"]; the value needs to be URL-encoded).


Calling this will return the following response:

{
    "id": "<certID>",
    "arn": "a certificate ARN",
    "cert": "base 64 certificate file",
    "private": "base 64 private key file"
}


Example response:

{
  "arn": "arn:aws:iot:us-west-2:441898714953:cert/36964735e7c74c80eb190fb641f958465bf5a1fe54836186b6c819ce15619a0f",
  "id": "36964735e7c74c80eb190fb641f958465bf5a1fe54836186b6c819ce15619a0f",
  "cert": "<base 64 certificate file>",
  "private": "<base 64 private key file>"
}



Step 2: To attach an IoT policy to the certificate, activate the certificate, and save the certId to the Foundry object, call this API after the first one, using the parameters received from it:


POST /foundry/certificates/provision


Params: 

arn - a certificate ARN

certId - ID of certificate to provision to device

deviceId - ID of foundry object the certificate should be associated with

topics - list of topics device can subscribe/publish on (ex. ["1/#/1","test/+/+/1","1/2/3"] )


Sample Request:

{
  "arn": "arn:aws:iot:us-west-2:441898714953:cert/36964735e7c74c80eb190fbxxxxxf5axxx361xxxxce15xxa0f",
  "certId": "36964735e7c74c80xxxxxxxf5a1fe5483xxxxx819ce15619a0f",
  "deviceId":"a7bxx0-xxxx-xxx-8e92-d9exxxx113",
  "topics":["XiQ/#"]
}



Result: 

Success / Failure standard Foundry responses 
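
Steps 1 and 2 from the device's side, as an added example that is not Foundry's own code: it URL-encodes the topics for the generate call, stores the returned private key with owner-only permissions, and builds the provision body from the returned identifiers. The host name, function names, file names and the encoding of topics as a JSON array in the query string are assumptions, and the sample response is constructed.

```python
import base64
import json
import os
import re
from urllib.parse import urlencode

BASE_URL = "https://foundry.example.invalid"  # assumption: placeholder host

def generate_url(topics=None):
    """Step 1 URL; topics sent as a URL-encoded JSON array (assumed shape), so '#' becomes %23."""
    url = BASE_URL + "/foundry/certificates/generate"
    if topics:
        url += "?" + urlencode({"topics": json.dumps(topics, separators=(",", ":"))})
    return url

def store_credentials(response, directory):
    """Decode the Step 1 response; write the key owner-only (0600), never overwriting."""
    for field in ("id", "arn", "cert", "private"):
        if not response.get(field):
            raise ValueError(f"generate response is missing '{field}'")
    # The ID becomes a file name: accept only 64 hex chars, as in the page's example.
    if not re.fullmatch(r"[0-9a-f]{64}", response["id"]):
        raise ValueError("unexpected certificate ID format")
    paths = {}
    for field, name, mode in (("cert", "cert.pem", 0o644), ("private", "private.key", 0o600)):
        data = base64.b64decode(response[field], validate=True)  # reject non-base64 input
        path = os.path.join(directory, f"{response['id']}.{name}")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        paths[field] = path
    return paths

def provision_body(response, device_id, topics):
    """Step 2 body: only the identifiers from Step 1; key material is not sent back."""
    return {"arn": response["arn"], "certId": response["id"],
            "deviceId": device_id, "topics": list(topics)}

# Constructed sample response (not a real certificate, key or certificate ID).
SAMPLE = {
    "id": "0" * 64,
    "arn": "arn:aws:iot:us-west-2:000000000000:cert/" + "0" * 64,
    "cert": base64.b64encode(b"-----BEGIN CERTIFICATE-----\nconstructed\n").decode(),
    "private": base64.b64encode(b"-----BEGIN PRIVATE KEY-----\nconstructed\n").decode(),
}

if __name__ == "__main__":
    print(generate_url(["1/#/1"]))
    print(provision_body(SAMPLE, "constructed-device-id", ["XiQ/#"]))
```
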


To delete the certificate and remove the certId from the Foundry object, use this API:


DELETE /foundry/certificates/revoke


Params: 

certId  - ID of certificate to delete

deviceId - ID of foundry object


Result: 

Success / Failure standard Foundry responses