OTA Connect Developer Guide

Simulate the provisioning process with device credentials

To provision with device credentials in production, you need to have a root CA. If you want to test this provisioning method without generating a root CA, you can simulate it with the aktualizr-cert-provider command.

To use the aktualizr-cert-provider command, you must still generate a provisioning key that your devices can share. But with this method, you use the provisioning key to sign the device certificate.

In production, you would use the root CA to sign the device certificate, but this method is useful for testing.

To simulate provisioning with a device certificate, follow these steps:
  1. Add the following lines to your local.conf:

    SOTA_CLIENT_PROV = "aktualizr-ca-device-prov"
    SOTA_DEPLOY_CREDENTIALS = "0"
  2. Build a standard image using the bitbake command.

  3. Boot the image.

    The device should not be able to provision with a provisioning key. To verify this, log in to the HERE OTA Connect server and make sure that the device does not appear in the list of devices.

  4. Load the device credentials on to the device with aktualizr-cert-provider command:

    aktualizr-cert-provider -c credentials.zip -t <device> -d /var/sota/import -r -u

    You can find the aktualizr-cert-provider source in the aktualizr repo. You can also find a compiled binary in the host work directory of bitbake.

    The path should resemble the following example:

    tmp/work/x86_64-linux/aktualizr-native/1.0+gitAUTOINC+<version>/build/src/cert_provider/aktualizr-cert-provider.