OTA Connect Developer Guide

Simulate the provisioning process with device credentials

To provision with device credentials in production, you need to have a root CA. If you want to test this provisioning method without generating a root CA, you can simulate it with the aktualizr-cert-provider tool.

To use aktualizr-cert-provider, you must still generate a provisioning key that your devices can share. But with this method, you use the provisioning key to sign the device certificate.

In production, you should use the root CA to sign the device certificate, but this method is useful for testing.

To simulate provisioning with a device certificate, follow these steps:
  1. Add the following lines to your local.conf:

    SOTA_CLIENT_PROV = "aktualizr-device-prov"
    SOTA_DEPLOY_CREDENTIALS = "0"
  2. Build a standard image with bitbake.

  3. Boot the image.

    The device should not be able to provision itself automatically. To verify this, log in to the HERE OTA Connect server and make sure that the device does not appear in the list of devices.

  4. Load the device credentials on to the device with aktualizr-cert-provider:

    aktualizr-cert-provider -c credentials.zip -t <device> -d /var/sota/import -r -u

    You can find the aktualizr-cert-provider source in the aktualizr repo. You can also find a compiled binary in the host work directory of bitbake.

    The path should resemble the following example:

    tmp/work/x86_64-linux/aktualizr-native/1.0+gitAUTOINC+<version>/build/src/cert_provider/aktualizr-cert-provider.

For more extensive information on provisioning methods and configuration, see the following topics: