Connecting device to reference Cloud

The device needs a unique TLS certificate to authenticate to and connect with the reference cloud.

The following diagram shows the sequence of steps used to obtain a unique device certificate and then use that certificate to establish the cloud connection.

../_images/cloud-cert-prov.jpg

Provisioning the device is the process of issuing the required certificate and connecting to the cloud. It is broken down into several steps:

  • The Cloud Admin downloads an OTP from the provisioning server through the admin interface.

  • The Cloud Admin configures the device with the OTP.

  • The Device Owner, or anyone in possession of the device, deploys the IOT-GATEWAY. The iot-gateway is in charge of requesting a new certificate if needed and then connecting to the cloud through the TCPMux server.

  • Certificate provisioning uses the EST (Enrollment over Secure Transport) protocol. In our reference cloud, AWS Private CA serves as the Trusted Root CA. The previously configured OTP is used as an authentication token. More information: https://datatracker.ietf.org/doc/rfc8295/.

  • Once the certificates are issued to the device, the TCPMux client will use them to connect to the cloud.
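
The certificate request step above can be sketched as follows. This is an added example, not the iot-gateway's or the reference cloud's own code: it generates the key on the device, wraps a CSR in an EST simpleenroll request (endpoint and content type per RFC 7030), and decides whether enrollment is needed. Assumptions: the function names, the EST host, the device ID, and carrying the OTP as the HTTP Basic password.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
	"time"
)

// needsEnrollment reports whether a certificate must be requested: none is
// stored (nil), it is not yet valid, or it expires within renewBefore.
func needsEnrollment(cert *x509.Certificate, now time.Time, renewBefore time.Duration) bool {
	return cert == nil || now.Before(cert.NotBefore) || now.Add(renewBefore).After(cert.NotAfter)
}

// buildEnrollRequest creates a fresh P-256 key on the device and the EST
// simpleenroll POST carrying a base64 DER PKCS#10 CSR. The private key is
// returned to the caller only. Assumption: the OTP is the HTTP Basic password.
func buildEnrollRequest(estBase, deviceID, otp string) (*http.Request, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: deviceID}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	body := strings.NewReader(base64.StdEncoding.EncodeToString(der))
	req, err := http.NewRequest(http.MethodPost, estBase+"/.well-known/est/simpleenroll", body)
	if err != nil {
		return nil, nil, err
	}
	req.Header.Set("Content-Type", "application/pkcs10")
	req.SetBasicAuth(deviceID, otp)
	return req, key, nil
}

func main() {
	// Constructed placeholders: EST host, device ID and OTP.
	req, _, err := buildEnrollRequest("https://est.example.invalid", "device-0001", "constructed-otp")
	fmt.Println(needsEnrollment(nil, time.Now(), 720*time.Hour), req != nil, err)
}
```

The request is only built here, not sent; a real client would send it over TLS with the EST server's certificate verified, since the OTP travels in the request headers.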