1. Home
  2. /
  3. Get started with birth identities based on IEEE 802.1AR

Get started with birth identities based on IEEE 802.1AR

Implement birth identities, based on the IEEE 802.1AR standard, for your devices and solutions. You can start to explore the possibilities today, hands-on.

IEEE 802.1AR logo

An introduction to IEEE 802.1AR

IEEE 802.1AR offers secure device authentication using interoperable Secure Device Identifiers (DevIDs) in standard authentication and provisioning protocols. DevIDs, including unique manufacturer-provided Initial Device Identifiers (IDevIDs) and Locally Significant Device Identifiers (LDevIDs) used for local authorization purposes, provide unique and tamper-proof credentials. By leveraging IEEE 802.1AR, you are able to simplify maintenance and management, and it is also applicable in OPC-UA, OPC10000-21, or Bootstrapping Remote Secure Key Infrastructure (BRSKI) RFC8995.

You can issue IDevID and LDevID certificates and build the security infrastructure to support your solution with EJBCA. 

How to get started

By implementing this standard, organizations can establish trust relationships between devices, preventing unauthorized access and protecting against rogue devices. IEEE 802.1 AR utilizes digital certificates to authenticate devices, ensuring only authorized and trusted devices can access the network. This protocol promotes interoperability, scalability, and future-proofing, enabling organizations to easily integrate devices from different vendors and adapt to evolving network environments.

In this tutorial, you will learn how to: 

  • Configure an Issuing Certificate Authority (CA) to provision Initial Device Identifiers (IDevIDs)
  • Configure certificate profiles and end entity profiles for an IDevID
  • Test your setup and issue IDevIDs certificates

IMPORTANT: Kindly follow the sequence of tutorials as arranged in this YouTube playlist.


Before you begin, you need to have a Root Certificate Authority (CA) set up in EJBCA. To learn how to set up a Root CA, you can follow the tutorial Create your first Root CA using EJBCA.

You also need a configured REST interface. For information on enabling the EJBCA REST API Certificate Management service to allow issuing certificates with an EJBCA, see EJBCA REST Interface.





Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Docker Hub

Get your hands on the EJBCA Docker container by downloading it now from Docker Hub.


Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.


You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.

Related open-source projects