Simulate the provisioning process with device credentials
To provision with device credentials in production, you need to have a root CA. If you want to test this provisioning method without generating a root CA, you can simulate it with the
To use the
aktualizr-cert-provider command, you must still generate a provisioning key that your devices can share. But with this method, you use the provisioning key to sign the device certificate.
In production, you would use the root CA to sign the device certificate, but this method is useful for testing.
- To simulate provisioning with a device certificate, follow these steps:
Add the following lines to your local.conf:
SOTA_CLIENT_PROV = "aktualizr-ca-device-prov" SOTA_DEPLOY_CREDENTIALS = "0"
Build a standard image using the bitbake command.
Boot the image.
The device should not be able to provision with a provisioning key. To verify this, log in to the HERE OTA Connect server and make sure that the device does not appear in the list of devices.
Load the device credentials on to the device with
aktualizr-cert-provider -c credentials.zip -t <device> -d /var/sota/import -r -u
You can find the
aktualizr-cert-providersource in the aktualizr repo. You can also find a compiled binary in the host work directory of bitbake.
The path should resemble the following example: