Managing device certificates

Written by

Getting a list of certificates
Adding a certificate
Deleting a certificate

For devices and registries to begin exchanging data and commands, you need to log in. This section describes how to manage device certificates for the relevant authorization method.

Note

When using an X.509 certificate along with a password, the password has higher priority.

To access a device, use its unique ID or name. For information on retrieving the unique device ID or name, see Getting information about devices.

Getting a list of certificates

Management console

CLI

API

In the management console, select the folder where the device is located.
Select the Yandex IoT Core.
Select the registry where the device is located.
Go to the Devices tab.
Select the device.
On the Overview page, go to the Certificates section.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

View the list of device certificates:

yc iot device certificate list --device-name my-device

Result:

+------------------------------------------+---------------------+
|               FINGERPRINT                |     CREATED AT      |
+------------------------------------------+---------------------+
| df3cc4f337eba01a264803d15b119e2d33943315 | 2019-05-29 17:14:36 |
| 65e5b050069da5ca5996a4a8a92514098b0a5dd1 | 2019-05-29 17:14:18 |
+------------------------------------------+---------------------+

You can get a list of device certificates using the listCertificates API method.

Adding a certificate

Management console

CLI

Terraform

API

To add a device certificate:

In the management console, select the folder to add the device certificate to.
Select Yandex IoT Core.
Click on the name of the registry.
In the left menu, select Devices.
Select the desired device from the list.
On the Overview page, go to the Certificates section and click Add certificate.
- To add a file:
  1. Choose the File method.
  2. Click Select file.
  3. Specify the certificate file on your computer and click Open.
  4. Click Add.
- To add text:
  1. Choose the Text method.
  2. Insert the certificate body in the Contents field.
  3. Click Add.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

Add a certificate to the device:

yc iot device certificate add \
  --device-name my-device \ # Device name.
  --certificate-file device-cert.pem # Path to the public part of the certificate.

Result:

device_id: b9135goeh1uc1s2i07nm
fingerprint: 65e5b050069da5ca5996a4a8a92514098b0a5dd1
certificate_data: |
  -----BEGIN CERTIFICATE-----
  MIIE/jCCAuagAwI...
  -----END CERTIFICATE-----
created_at: "2019-05-29T17:14:18.804Z"

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

For more information about Terraform, see the documentation.

To add a certificate to a device created using Terraform:

In the configuration file, describe the parameters of resources that you want to create:
- yandex_iot_core_device: Device parameters:
  - registry_id: ID of the registry to create a device in.
  - name: Device name.
  - description: Device description.
  - certificates: List of certificates for authorization using certificates.
Example device description in the Terraform configuration:
```
resource "yandex_iot_core_device" "my_device" {
  registry_id = "<registry_ID>"
  name        = "<device_name>"
  description = "test device for terraform provider documentation"
...
  certificates = [
    file("<path_to_certificate_file>")
  ]
...  
}
```
For more information about the yandex_iot_core_device resource parameters in Terraform, see the provider documentation.
In the command line, change to the folder where you edited the configuration file.
Make sure the configuration file is correct using the command:
```
terraform validate
```
If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
Run the command:
```
terraform plan
```
The terminal will display a list of resources with parameters. No changes are made at this step. If there are errors in the configuration, Terraform points them out.
Apply the configuration changes:
```
terraform apply
```
Confirm the changes: type yes in the terminal and press Enter.

You can verify device certificates in the management console or using the following CLI command:
```
yc iot device certificate list --device-name <device_name>
```

You can add a certificate to a device using the API addCertificate method.

Deleting a certificate

Management console

CLI

Terraform

API

To delete a device certificate:

In the management console, select the folder to delete the device certificate from.
Select Yandex IoT Core.
Click on the name of the registry.
In the left menu, select Devices.
Select the desired device from the list.
On the Overview page, go to the Certificates section.
In the row with the certificate in question, click and select Delete from the drop-down list.
In the window that opens, click Delete.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

Delete a device certificate:

yc iot device certificate delete --device-name my-device --fingerprint 65...

Make sure the certificate was deleted:

yc iot device certificate list --device-name my-device

Result:

+-------------+------------+
| FINGERPRINT | CREATED AT |
+-------------+------------+
+-------------+------------+

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

For more information about Terraform, see the documentation.

To delete the certificate of a device created using Terraform:

Open the Terraform configuration file and delete the value of the certificate in the certificates block, in the fragment with the device description. To remove all certificates, delete the entire certificates block.

Example device description in the Terraform configuration:
```
resource "yandex_iot_core_device" "my_device" {
  registry_id = "<registry_ID>"
  name        = "<device_name>"
  description = "test device for terraform provider documentation"
...
  certificates = [
    file("<path_to_certificate_file>")
  ]
...  
}
```
For more information about the yandex_iot_core_device resource parameters in Terraform, see the provider documentation.
In the command line, change to the folder where you edited the configuration file.
Make sure the configuration file is correct using the command:
```
terraform validate
```
If the configuration is correct, the following message is returned:
```
Success! The configuration is valid.
```
Run the command:
```
terraform plan
```
The terminal will display a list of resources with parameters. No changes are made at this step. If there are errors in the configuration, Terraform points them out.
Apply the configuration changes:
```
terraform apply
```
Confirm the changes: type yes in the terminal and press Enter.

You can verify device certificates in the management console or using the following CLI command:
```
yc iot device certificate list --device-name <device_name>
```

You can delete a device certificate using the API deleteCertificate method.

Managing device certificates

Getting a list of certificates

Adding a certificate

Deleting a certificate

Was the article helpful?