Closed mstoffel-sag closed 9 months ago
The documentation to use a CA signed certificate is indeed missing.
Though I am afraid this is really a much larger topic for a PKI in general. The whole certificate lifecycle needs to be addressed (e.g. root cert creation, CSR (device cert creation via Certificate Signing Request), renewal, revocation etc.)
Actually I think we could start where to put/configure the client cert on thinEdge. And where to upload the CA to cumulocity.....
Certificate related docs have been updated with https://github.com/thin-edge/thin-edge.io/pull/2585
QA has thoroughly checked the feature and here are the results:
Is your feature improvement request related to a problem? Please describe. Right now the we rely heavily on self signed certificates which are generated and als oploaded via tedge cli. This is no production scenario.
Describe the solution you'd like We should describe how to use real ca signed certificates. How to configure thinEdge to use the device cert and how to upload the ca to c8y
Additional context We should put pressure on c8y core RND to implement a Certificate Revocation List to make that whole scenario production ready.