The certificate has a highly restrictive policy associated with it, providing access only to IoT topics associated with the Fleet Provisioning process.

If the device has a CSR, then that would be presented along with the bootstrap certificate.

The device connects to AWS IoT Core over a secure TLS 1.2 connection, using a bootstrapped certificate.

When the device is powered on and has network access, the following takes place:

The Provisioning by Claim workflow is showcased in the previous image (Fig.

Solution Overview: Provisioning by Claim (with Bootstrap Cert)

The Lambda functions should be leveraged in the provisioning transaction to automate the approval or denial of a particular device's provision status based on the custom attributes sent during this process. Examples of device attributes could include a serial number, MAC ID, device location, etc. In addition to validating the bootstrap certificate presented by devices, Fleet Provisioning also provides Lambda-based provisioning hooks that enable appropriate validation for pertinent device attributes.

If the device already has its own private key on board, it can send a certificate signing request (CSR) along with the bootstrap certificate to be signed by AWS IoT Core.

Provisioning by Claim is designed to target scenarios wherein devices would be manufactured with a shared bootstrap certificate on them. These bootstrap certificates have limited IoT permissions that only allow the devices to do the following: 1/ establish first connection with AWS IoT Core, 2/ prove their identity, and 3/ request a fully functional identity with the necessary IoT permissions that devices can use for subsequent communication with AWS IoT Core. This shared bootstrap certificate could be placed on devices at the factory or at a staging facility while flashing the initial software onto devices.
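The Lambda-based provisioning hook described above can be sketched as follows. This is an added example, not code from the original post: the event and response fields (`parameters`, `allowProvisioning`, `parameterOverrides`) follow the AWS IoT pre-provisioning hook format, while the template parameter names `SerialNumber` and `MacAddress`, the serial format and the allow-lists are assumptions constructed for illustration.

```python
import re

# Constructed allow-list (assumption); in production this would be a lookup
# against the manufacturer's device registry.
KNOWN_SERIALS = {"SN-000123", "SN-000124"}
# Serials that already received a full identity. Because the bootstrap
# certificate is shared, a repeated claim for the same serial is denied.
ALREADY_PROVISIONED = {"SN-000124"}

SERIAL_RE = re.compile(r"SN-\d{6}")                      # assumed serial format
MAC_RE = re.compile(r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}")


def deny():
    """Response that makes Fleet Provisioning reject the request."""
    return {"allowProvisioning": False}


def lambda_handler(event, context):
    """Pre-provisioning hook: approve or deny one provisioning request."""
    params = event.get("parameters") or {}
    serial = params.get("SerialNumber")   # assumed template parameter name
    mac = params.get("MacAddress")        # assumed template parameter name

    # Reject missing or malformed attributes before any lookup.
    if not isinstance(serial, str) or not SERIAL_RE.fullmatch(serial):
        return deny()
    if not isinstance(mac, str) or not MAC_RE.fullmatch(mac.upper()):
        return deny()
    # Only devices the manufacturer actually built may be provisioned.
    if serial not in KNOWN_SERIALS:
        return deny()
    # Deny a second claim for a serial that is already provisioned.
    if serial in ALREADY_PROVISIONED:
        return deny()

    # Approve, and pin the validated values so the template uses the
    # normalized attributes rather than whatever the device sent.
    return {
        "allowProvisioning": True,
        "parameterOverrides": {"SerialNumber": serial, "MacAddress": mac.upper()},
    }
```

Denying by default on any missing, malformed or unknown attribute keeps a leaked bootstrap certificate from being enough, on its own, to obtain a fully functional identity.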
When to use the Provisioning by Claim workflow

At the end of this post, we will describe the differences when using the Provisioning by a Trusted User approach. In this blog, we demonstrate how to use the Provisioning by Claim approach in detail and explain when you should use this approach.

a Mobile/Web App user): this process is very similar to the provisioning by claim process.