Device Self Provision a Certificate
The following describes how a device can acquire an AWS IoT certificate and associate the certificate with a Foundry device.
Step 1: Getting a Certificate and Private Key for a Device.
This API call generates an inactive certificate without a policy.
GET /foundry/certificates/generate
Request parameters:
If you include "topics" in the request query parameters, Foundry will activate the certificate immediately (e.g. ["1/#/1","test/+/+/1","1/2/3"]; the value needs to be URL-encoded).
Calling this will return the following response:
{
"id": "<certID>",
"arn": "a certificate ARN",
"cert": "base 64 certificate file",
"private": "base 64 private key file"
}
Example response:
{
"arn": "arn:aws:iot:us-west-2:441898714953:cert/36964735e7c74c80eb190fb641f958465bf5a1fe54836186b6c819ce15619a0f",
"id": "36964735e7c74c80eb190fb641f958465bf5a1fe54836186b6c819ce15619a0f",
"cert": "<base 64 certificate file>",
"private": "<base 64 private key file>"
}
Step 2: To attach an IoT policy to the certificate, activate the certificate and save the certId to the Foundry object, use this API after the first one, passing the parameters received from it:
POST /foundry/certificates/provision
Params:
arn - a certificate ARN
certId - ID of certificate to provision to device
deviceId - ID of foundry object the certificate should be associated with
topics - list of topics device can subscribe/publish on (ex. ["1/#/1","test/+/+/1","1/2/3"] )
Sample Request:
{
"arn": "arn:aws:iot:us-west-2:441898714953:cert/36964735e7c74c80eb190fbxxxxxf5axxx361xxxxce15xxa0f",
"certId": "36964735e7c74c80xxxxxxxf5a1fe5483xxxxx819ce15619a0f",
"deviceId":"a7bxx0-xxxx-xxx-8e92-d9exxxx113",
"topics":["XiQ/#"]
}
Result:
Success / Failure standard Foundry responses
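An added example (not Foundry's own code) of the device-side handling for Steps 1 and 2: building the URL-encoded "topics" query, decoding and storing the returned certificate and private key with owner-only permissions, and assembling the Step 2 body. The sample response, file names and helper names are constructed for illustration; HTTP transport and authentication are left out because this page does not specify them.

```python
import base64, json, os
from urllib.parse import urlencode

# Constructed Step 1 response (not real credentials); every value is a placeholder.
CERT_ID = "ab" * 32
SAMPLE = {
    "id": CERT_ID,
    "arn": "arn:aws:iot:us-west-2:000000000000:cert/" + CERT_ID,
    "cert": base64.b64encode(b"constructed certificate bytes\n").decode(),
    "private": base64.b64encode(b"constructed private key bytes\n").decode(),
}

def generate_path(topics=None):
    """Step 1 path; optional topics go in the query as a URL-encoded JSON list."""
    path = "/foundry/certificates/generate"
    if topics:
        path += "?" + urlencode({"topics": json.dumps(topics, separators=(",", ":"))})
    return path

def store_credentials(resp, directory):
    """Decode 'cert' and 'private' and write them so only the owner can read them."""
    # An AWS IoT certificate ARN ends in cert/<certificate id>; reject a mismatch.
    if resp["arn"].rsplit("/", 1)[-1] != resp["id"]:
        raise ValueError("certificate id does not match ARN")
    paths = {}
    for field, name in (("cert", "device.crt"), ("private", "device.key")):
        data = base64.b64decode(resp[field], validate=True)
        path = os.path.join(directory, name)
        # O_EXCL refuses to overwrite an existing file; 0o600 keeps the key private.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        paths[field] = path
    return paths

def provision_body(resp, device_id, topics):
    """Step 2 request body, built from the Step 1 response."""
    return {"arn": resp["arn"], "certId": resp["id"],
            "deviceId": device_id, "topics": topics}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(generate_path(["1/#/1"]))
        print(store_credentials(SAMPLE, d))
        print(json.dumps(provision_body(SAMPLE, "<deviceId>", ["XiQ/#"]), indent=2))
```

The private key is returned in the response body of Step 1, so the device should treat that response as secret and keep only the stored key file.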
To delete the certificate and remove the certId from the Foundry object, use this API:
DELETE /foundry/certificates/revoke
Params:
certId - ID of certificate to delete
deviceId - ID of foundry object
Result:
Success / Failure standard Foundry responses