1. Home
  2. /
  3. Use cases
  4. /
  5. Digital identities for IoT products

Digital identities for IoT products

Opt for EJBCA PKI over OpenSSL and self-signed certificates when prototyping your IoT solution for enhanced long-term scalability and security. 

hero-sub-2

Challenge

Establish mutual trust between connected devices

To ensure cybersecurity in IoT solutions, edge devices, gateways, and servers must be capable of establishing mutual trust as well as trust in the firmware and software they execute. 

This can only be achieved by equipping each system with at least a unique and secure digital identity. This identity must be small enough to be hosted inside a limited memory, strong enough to comply with the latest cybersecurity standards, and easy to check so that even small devices can verify who they are talking to and whether their firmware is genuine. 

It must also be issued and managed securely so that every owner and use case can draw their private circle of trust and decide who can enter or intersect with it. The widely accepted technology for this is public key infrastructure (PKI) and the digital identities are digital certificates following the X.509 standard.

For developers crafting connected devices or cybersecurity experts overseeing their deployment and operational security, integrating trusted digital identities is indispensable to shield against potential cyber threats. Modern industry standards and recommendations also call for PKI and X.509 certificates to secure and authenticate communication, software, and supply chains for IoT. Examples of such standards and recommendations are: 

  • IEEE802.1AR - Definition of IdevID and LDevIDs, respectively, the initial device certificate issued/injected by the OEM PKI and operational certificates issued and renewed by the operator PKI.
  • Matter - usage of two chains of certificates, DAC and NOC respectively device attestation certificate issued/injected by the OEM PKI and node operational certificates issued and renewed by the network commissioner PKI.
  • HTTPS, MQTTS - securing HTTP and MQTT with the mutual (D)TLS protocol using X.509 certificates provisioned on both sides by their respective PKI.
  • IEEE1609.2, C-ITS, ITS - standardization of digital security for vehicle-to-anything (V2X) communications, using PKI and certificates extensively.
F-Keyfactor_Illustration-Certificates and PKI
arrow

Solution

Start your Matter IoT certificate and PKI journey with confidence 

While free certificate issuance tools like Open SSL and self-signed certificates may be convenient for software development and test purposes, they are not recommended for production. Ensuring a smooth and secure transition to the next development phase is important. Using EJBCA's Community edition or our free Enterprise trials, you can establish the necessary private circles of trust while testing and prototyping. 

By following our step-by-step guides and watching our instructional videos, you can easily establish a PKI that enables you to generate certificates for your industrial infrastructure and IoT devices. Once you have set up your PKI, you can customize it to meet your specific requirements. You will have a fully operational PKI for your test devices, complete with Certificate Authorities, roles, certificate profiles, a configured use case/issuing protocol, and revocation support. 

Get started with video tutorials and how-tos:

  • Get started with birth identities based on IEEE 802.1AR
  • Get started with certificates for your Matter IoT devices 
  • Certificates for TLS and mTLS, manually or via REST

Tutorials

EJBCA logo website
REST
2023-06-18

Automated certificate issuing via EJBCA REST

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
PYTHON / POSTMAN
EJBCA logo website
Birth Identities
IoT
2023-05-30

Get started with birth identities based on IEEE 802.1AR

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
IEEE 802.1AR
EJBCA logo website
IoT
2023-05-30

Get started with Matter IoT

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Matter
DevOps
IoT
TLS & mTLS
2023-02-06

Client TLS certificates for mTLS, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS
EJBCA logo website
DevOps
IoT
TLS & mTLS
2023-02-06

Server TLS certificates, manual issuance

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
mTLS

Get inspired

Stay up to date with the latest news and blog articles, and find out about upcoming events related to EJBCA.

PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Installation & Deployment
Tech Update
Ejbca
Signserver
27 June, 2024

Configuring EJBCA as an Ephemeral Certificate Authority

EJBCA can be set up to operate as an Ephemeral Certificate Authority (CA). In...
Keyfactor Release
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Post-Quantum Cryptography
Signing
Release
Ejbca
20 June, 2024

New Release Announcement: EJBCA Community 8.3

New release: EJBCA Community 8.3, including Hybrid Certificate support, updat...
Keyfactor Event
Event
Ejbca
Signserver
16 June, 2024

Tomas Gustavsson will be speaking at #CNSCon in Seattle.

Tomas Gustavsson, our Chief PKI Officer, will be speaking at #CNSCon North Am...

Related open-source projects