Simulate the provisioning process with device credentials
To provision with device credentials in production, you need to have a root CA. If you want to test this provisioning method without generating a root CA, you can simulate it with the
aktualizr-cert-provider, you must still generate a provisioning key that your devices can share. But with this method, you use the provisioning key to sign the device certificate.
In production, you should use the root CA to sign the device certificate, but this method is useful for testing.
- To simulate provisioning with a device certificate, follow these steps:
Add the following lines to your local.conf:
SOTA_CLIENT_PROV = "aktualizr-device-prov" SOTA_DEPLOY_CREDENTIALS = "0"
Build a standard image with bitbake.
Boot the image.
The device should not be able to provision itself automatically. To verify this, log in to the HERE OTA Connect server and make sure that the device does not appear in the list of devices.
Load the device credentials on to the device with
aktualizr-cert-provider -c credentials.zip -t <device> -d /var/sota/import -r -u
You can find the
aktualizr-cert-providersource in the aktualizr repo. You can also find a compiled binary in the host work directory of bitbake.
The path should resemble the following example:
For more extensive information on provisioning methods and configuration, see the following topics: