Digital identities for IoT products

Opt for EJBCA PKI over OpenSSL and self-signed certificates when prototyping your IoT solution for enhanced long-term scalability and security. 

Challenge

Establish mutual trust between connected devices

To ensure cybersecurity in IoT solutions, edge devices, gateways, and servers must be capable of establishing mutual trust as well as trust in the firmware and software they execute. 

This can only be achieved by equipping each system with, at a minimum, a unique and secure digital identity. This identity must be small enough to fit in limited memory, strong enough to comply with the latest cybersecurity standards, and easy to check so that even small devices can verify who they are talking to and whether their firmware is genuine.

It must also be issued and managed securely so that every owner and use case can draw their private circle of trust and decide who can enter or intersect with it. The widely accepted technology for this is public key infrastructure (PKI) and the digital identities are digital certificates following the X.509 standard.

For developers crafting connected devices or cybersecurity experts overseeing their deployment and operational security, integrating trusted digital identities is indispensable to shield against potential cyber threats. Modern industry standards and recommendations also call for PKI and X.509 certificates to secure and authenticate communication, software, and supply chains for IoT. Examples of such standards and recommendations are: 

  • IEEE 802.1AR - defines IDevID and LDevID, respectively the initial device certificate issued/injected by the OEM PKI and the operational certificates issued and renewed by the operator PKI.
  • Matter - uses two chains of certificates, DAC and NOC, respectively the device attestation certificate issued/injected by the OEM PKI and the node operational certificates issued and renewed by the network commissioner PKI.
  • HTTPS, MQTTS - secure HTTP and MQTT with the mutual (D)TLS protocol, using X.509 certificates provisioned on both sides by their respective PKI.
  • IEEE 1609.2, C-ITS, ITS - standardize digital security for vehicle-to-anything (V2X) communications, using PKI and certificates extensively.

Solution

Start your Matter IoT certificate and PKI journey with confidence 

While free certificate issuance tools like OpenSSL and self-signed certificates may be convenient for software development and test purposes, they are not recommended for production. Ensuring a smooth and secure transition to the next development phase is important. Using EJBCA's Community edition or our free Enterprise trials, you can establish the necessary private circles of trust while testing and prototyping.

By following our step-by-step guides and watching our instructional videos, you can easily establish a PKI that enables you to generate certificates for your industrial infrastructure and IoT devices. Once you have set up your PKI, you can customize it to meet your specific requirements. You will have a fully operational PKI for your test devices, complete with Certificate Authorities, roles, certificate profiles, a configured use case/issuing protocol, and revocation support. 

Get started with video tutorials and how-tos:

  • Get started with birth identities based on IEEE 802.1AR
  • Get started with certificates for your Matter IoT devices 
  • Certificates for TLS and mTLS, manually or via REST

Tutorials

  • Get started with birth identities based on IEEE 802.1AR (2023-05-30; Birth Identities, IoT, IEEE 802.1AR)
  • Get started with Matter IoT (2023-05-30; IoT, Matter)
  • Client TLS certificates for mTLS, manual issuance (2023-02-06; DevOps, IoT, TLS & mTLS)
  • Server TLS certificates, manual issuance (2023-02-06; DevOps, IoT, TLS & mTLS)
