X.509 Certificates are used to setup mutual (two-way) authentication for CoAP over DTLS.
It is similar to access token authentication, but uses X.509 Certificate instead of token.
Instructions below will describe how to connect CoAP client using X.509 Certificate to ThingsBoard Cloud.
Step 1. Generate Client certificate
Use the following command to generate the self-signed EC based private key and x509 certificate.
The command is based on the openssl tool which is most likely already installed on your workstation:
The output of the command will be a private key file key.pem and a public certificate cert.pem.
We will use them in next steps.
Step 2. Provision Client Public Key as Device Credentials
Go to ThingsBoard Web UI -> Device Groups -> Group “All” -> Your Device -> Device Credentials.
Select X.509 Certificate device credentials, insert the contents of cert.pem file and click save.
Alternatively, the same can be done through the REST API.
Step 3. Connect DTLS CoAP Client using X.509 certificate
Install the CoAP client with DTLS support on Linux by following the next steps:
Finally, run the example script below to validate DTLS with X.509 Certificate auth and subscribe for shared attributes updates:
The coap-client example below demonstrates how to connect to ThingsBoard Cloud or to any other ThingsBoard CoAP server that has valid and trusted certificate.