1. Home
  2. /
  3. Get started with Matter IoT

Get started with certificates for Matter IoT

For OEMs and product developers, in general, interested in exploring Public Key Infrastructure (PKI) and Certificate Authority (CA) solutions for implementing support for Matter IoT-compliant certificates, EJBCA will offer a hassle-free option to initiate the journey. 

hero-sub-2
Logo_of_Matter_connectivity_standard.svg_

Keyfactor is a member of the Connectivity Standards Alliance

In the Matter IoT specification, certificates are used to implement unique identities to ensure that only authenticated and certified devices can join the network. 

With EJBCA PKI, you can issue Matter IoT-compliant certificates for your smart home products. We provide EJBCA Community and free Enterprise trials that offer a solid foundation for you to begin your certificate journey for Matter IoT devices. Remember to keep up with the latest PKI Certificate policy to maintain compliance and stay up to date. 

How to get started

As an engineer, you can use our how-to guide and tutorial video to start testing EJBCA PKI for your Matter IoT devices today and configure EJBCA PKI for issuing certificates at various levels within the hierarchy. Follow our step-by-step instructions, and you will have an EJBCA instance and Matter IoT certificates for your test devices in no time. 

In this tutorial, we will show you how to create a complete Matter IoT PKI and issue a certificate for the device: 

  1. Root CA - Product Attestation Authority (PAA): Root CA that signs the certificates of the Product Attestation Intermediate (PAI).
  2. Sub CA -  Product Attestation Intermediate (PAI): Sub CA that issues Device Attestation Certificates (DACs).
  3. End Entity - Device Attestation Certificate (DAC): Matter standardized certificates issued for the IoT devices.

Prerequisites

Before you begin, you need the following:

  • Docker running in the background.
  • Additionally, OpenSSL is required to generate a key pair and a CSR. 

Please note: We have opted for SoftHSM in this environment for testing purposes and convenience. However, it is crucial to underscore that when moving to a production deployment, a Hardware Security Module (HSM) becomes imperative for securing the PAA and PAI signing keys. For additional details, please see the Connectivity Standard Alliance PKI Certificate Policy.

 

Documentation

Tutorials/documentation

Documentation

Check out the supplementary documentation that goes hand-in-hand with our tutorial video.

Docker Hub

Get your hands on the EJBCA Docker container by downloading it now from Docker Hub.

YouTube

Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.

Discuss

You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.

What's the next step in this journey?

After successful experimentation, here is where you can learn more about Keyfactor's approach to Identity-first security for Consumer IoT and Smart Home Security.

Related open-source projects