Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Blog
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
Yandex project
© 2023 Yandex.Cloud LLC
Yandex IoT Core
  • Getting started
  • Step-by-step instructions
    • All instructions
    • Sending messages
    • Subscribing a device or registry to receive messages
    • Viewing the connection log
    • Creating a trigger for a topic
    • Managing registries
      • Getting information about registries
      • Creating a registry
      • Updating a registry
      • Deleting a registry
    • Managing devices
      • Managing topic aliases
        • Creating an alias
        • Getting a list of aliases
        • Updating an alias
        • Deleting an alias
      • Getting information about devices
      • Creating a device
      • Updating a device
      • Deleting a device
    • Managing brokers
      • Getting information about a broker
      • Creating a broker
      • Updating a broker
      • Deleting a broker
    • Managing certificates
      • Create a certificate
      • Managing registry certificates
      • Managing device certificates
      • Managing broker certificates
    • Managing passwords
      • Managing registry passwords
      • Managing device passwords
      • Managing broker passwords
  • Concepts
    • Authorization
    • Relationship between service resources
    • MQTT server connection parameters
    • Sending messages to an MQTT server via gRPC
    • Topic
      • Overview
      • Device topics
      • Registry topics
      • Subtopic
      • Using topics
    • Backups
    • Quotas and limits
  • Practical guidelines
    • All tutorials
    • Working with Mosquitto
      • Sending messages
      • Subscribing a device or registry to receive messages
    • Working with Yandex IoT Core from an Android device in Java
    • Working with Yandex IoT Core in C#
    • Working with Yandex IoT Core in Java
    • Writing data from a device to Managed Service for PostgreSQL
  • Access management
  • Pricing policy
  • Devices API reference
    • Authentication in the API
    • gRPC
      • Overview
      • DeviceDataService
      • DeviceService
      • RegistryDataService
      • RegistryService
      • OperationService
    • REST
      • Overview
      • DeviceData
        • Overview
        • publish
      • Device
        • Overview
        • addCertificate
        • addPassword
        • create
        • delete
        • deleteCertificate
        • deletePassword
        • get
        • getByName
        • list
        • listCertificates
        • listOperations
        • listPasswords
        • update
      • RegistryData
        • Overview
        • publish
      • Registry
        • Overview
        • addCertificate
        • addPassword
        • create
        • delete
        • deleteCertificate
        • deletePassword
        • get
        • getByName
        • list
        • listCertificates
        • listDeviceTopicAliases
        • listOperations
        • listPasswords
        • update
  • Broker API reference
    • Authentication in the API
    • gRPC
      • Overview
      • BrokerDataService
      • BrokerService
      • OperationService
    • REST
      • Overview
      • BrokerData
        • Overview
        • publish
      • Broker
        • Overview
        • addCertificate
        • addPassword
        • create
        • delete
        • deleteCertificate
        • deletePassword
        • get
        • list
        • listCertificates
        • listOperations
        • listPasswords
        • update
  • Questions and answers
  1. Step-by-step instructions
  2. Managing certificates
  3. Managing device certificates

Managing device certificates

Written by
Yandex Cloud
  • Getting a list of certificates
  • Adding a certificate
  • Deleting a certificate

For devices and registries to begin exchanging data and commands, you need to log in. This section describes how to manage device certificates for the relevant authorization method.

Note

When using an X.509 certificate along with a password, the password has higher priority.

  • Viewing a list of device certificates
  • Adding a certificate to a device
  • Deleting a device certificate

To access a device, use its unique ID or name. For information on retrieving the unique device ID or name, see Getting information about devices.

Getting a list of certificates

Management console
CLI
API
  1. In the management console, select the folder where the device is located.
  2. Select the Yandex IoT Core.
  3. Select the registry where the device is located.
  4. Go to the Devices tab.
  5. Select the device.
  6. On the Overview page, go to the Certificates section.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

View the list of device certificates:

yc iot device certificate list --device-name my-device

Result:

+------------------------------------------+---------------------+
|               FINGERPRINT                |     CREATED AT      |
+------------------------------------------+---------------------+
| df3cc4f337eba01a264803d15b119e2d33943315 | 2019-05-29 17:14:36 |
| 65e5b050069da5ca5996a4a8a92514098b0a5dd1 | 2019-05-29 17:14:18 |
+------------------------------------------+---------------------+

You can get a list of device certificates using the listCertificates API method.

Adding a certificate

Management console
CLI
Terraform
API

To add a device certificate:

  1. In the management console, select the folder to add the device certificate to.

  2. Select Yandex IoT Core.

  3. Click on the name of the registry.

  4. In the left menu, select Devices.

  5. Select the desired device from the list.

  6. On the Overview page, go to the Certificates section and click Add certificate.

    • To add a file:

      1. Choose the File method.
      2. Click Select file.
      3. Specify the certificate file on your computer and click Open.
      4. Click Add.
    • To add text:

      1. Choose the Text method.
      2. Insert the certificate body in the Contents field.
      3. Click Add.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

Add a certificate to the device:

yc iot device certificate add \
  --device-name my-device \ # Device name.
  --certificate-file device-cert.pem # Path to the public part of the certificate.

Result:

device_id: b9135goeh1uc1s2i07nm
fingerprint: 65e5b050069da5ca5996a4a8a92514098b0a5dd1
certificate_data: |
  -----BEGIN CERTIFICATE-----
  MIIE/jCCAuagAwI...
  -----END CERTIFICATE-----
created_at: "2019-05-29T17:14:18.804Z"

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

For more information about Terraform, see the documentation.

To add a certificate to a device created using Terraform:

  1. In the configuration file, describe the parameters of resources that you want to create:

    • yandex_iot_core_device: Device parameters:
      • registry_id: ID of the registry to create a device in.
      • name: Device name.
      • description: Device description.
      • certificates: List of certificates for authorization using certificates.

    Example device description in the Terraform configuration:

    resource "yandex_iot_core_device" "my_device" {
      registry_id = "<registry_ID>"
      name        = "<device_name>"
      description = "test device for terraform provider documentation"
    ...
      certificates = [
        file("<path_to_certificate_file>")
      ]
    ...  
    }
    

    For more information about the yandex_iot_core_device resource parameters in Terraform, see the provider documentation.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using the command:

    terraform validate
    

    If the configuration is correct, the following message is returned:

    Success! The configuration is valid.
    
  4. Run the command:

    terraform plan
    

    The terminal will display a list of resources with parameters. No changes are made at this step. If there are errors in the configuration, Terraform points them out.

  5. Apply the configuration changes:

    terraform apply
    
  6. Confirm the changes: type yes in the terminal and press Enter.

    You can verify device certificates in the management console or using the following CLI command:

    yc iot device certificate list --device-name <device_name>
    

You can add a certificate to a device using the API addCertificate method.

Deleting a certificate

Management console
CLI
Terraform
API

To delete a device certificate:

  1. In the management console, select the folder to delete the device certificate from.
  2. Select Yandex IoT Core.
  3. Click on the name of the registry.
  4. In the left menu, select Devices.
  5. Select the desired device from the list.
  6. On the Overview page, go to the Certificates section.
  7. In the row with the certificate in question, click and select Delete from the drop-down list.
  8. In the window that opens, click Delete.

If you don't have the Yandex Cloud command line interface yet, install and initialize it.

  1. Delete a device certificate:

    yc iot device certificate delete --device-name my-device --fingerprint 65...
    
  2. Make sure the certificate was deleted:

    yc iot device certificate list --device-name my-device
    

    Result:

    +-------------+------------+
    | FINGERPRINT | CREATED AT |
    +-------------+------------+
    +-------------+------------+
    

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

For more information about Terraform, see the documentation.

To delete the certificate of a device created using Terraform:

  1. Open the Terraform configuration file and delete the value of the certificate in the certificates block, in the fragment with the device description. To remove all certificates, delete the entire certificates block.

    Example device description in the Terraform configuration:

    resource "yandex_iot_core_device" "my_device" {
      registry_id = "<registry_ID>"
      name        = "<device_name>"
      description = "test device for terraform provider documentation"
    ...
      certificates = [
        file("<path_to_certificate_file>")
      ]
    ...  
    }
    

    For more information about the yandex_iot_core_device resource parameters in Terraform, see the provider documentation.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using the command:

    terraform validate
    

    If the configuration is correct, the following message is returned:

    Success! The configuration is valid.
    
  4. Run the command:

    terraform plan
    

    The terminal will display a list of resources with parameters. No changes are made at this step. If there are errors in the configuration, Terraform points them out.

  5. Apply the configuration changes:

    terraform apply
    
  6. Confirm the changes: type yes in the terminal and press Enter.

    You can verify device certificates in the management console or using the following CLI command:

    yc iot device certificate list --device-name <device_name>
    

You can delete a device certificate using the API deleteCertificate method.

Was the article helpful?

Language / Region
Yandex project
© 2023 Yandex.Cloud LLC
In this article:
  • Getting a list of certificates
  • Adding a certificate
  • Deleting a certificate