thin-edge / thin-edge.io

The open edge framework for lightweight IoT devices
https://thin-edge.io
Apache License 2.0

Use CA signed certificates #1505

Closed mstoffel-sag closed 9 months ago

mstoffel-sag commented 2 years ago

Is your feature improvement request related to a problem? Please describe.

Right now we rely heavily on self-signed certificates, which are generated and also uploaded via the tedge CLI. This is not a production scenario.

Describe the solution you'd like

We should describe how to use real CA-signed certificates: how to configure thinEdge to use the device cert and how to upload the CA to c8y.

Additional context

We should put pressure on c8y core RND to implement a Certificate Revocation List to make that whole scenario production ready.

didier-wenzek commented 2 years ago

The documentation to use a CA signed certificate is indeed missing.

reubenmiller commented 1 year ago

Though I am afraid this is really a much larger topic for a PKI in general. The whole certificate lifecycle needs to be addressed (e.g. root cert creation, CSR (device cert creation via Certificate Signing Request), renewal, revocation etc.)

mstoffel-sag commented 1 year ago

Actually, I think we could start with where to put/configure the client cert on thinEdge, and where to upload the CA to Cumulocity...

didier-wenzek commented 9 months ago

Certificate related docs have been updated with https://github.com/thin-edge/thin-edge.io/pull/2585

gligorisaev commented 9 months ago

QA has thoroughly checked the feature and here are the results: