Demonstration: Create, Upload, and Verify a Root Certificate

We download the gencert.sh utility and use it to generate a self-signed root certificate. We then upload the root certificate to the IoT server and verify it.

  1. In your IoT application, navigate to Menu > Settings > Security > Certificates.
  2. Select Download Certificate Generation Tool from the menu on the Certificates page.

    Download Certificate Generation Tool option

    Save the gencert.sh script file on your hard disk.

  3. Run the gencert.sh utility to generate the root certificate.

    To list the available options, run gencert.sh help.


    gencert help

    We use visioncorp as the root common name for our root certificate.

    Issue the following command: gencert.sh root visioncorp. We use the default values for the other parameters, such as Country and State. When the command prompts for each of these, press Enter to accept the default.


    Generating root certificate for visioncorp

    The tool generates files, such as the root certificate file (visioncorp-cert.pem) and the private key (visioncorp-key.pem) in the certs\visioncorp directory.


    Root Certificate Files in Certs Directory

  4. On the Certificates page, use the Upload Certificate menu option to upload the root certificate.


    Upload Certificate Menu Item

    We provide a root certificate name and description, and upload the visioncorp-cert.pem file.


    Upload Root Certificate Dialog

    Note: In your production environment, you would normally use a certificate issued by your CA, as opposed to a self-signed certificate.

  5. Use the Verify Root Certificate option to verify the root certificate.


    Verify Root Certificate menu option

    The server generates a verification code challenge that we need to sign with the private key to verify the certificate. Click Copy to Clipboard to copy the verification code. We use it next with the gencert.sh utility to generate the verification certificate.


    Verification Code Challenge

  6. Use the gencert.sh command to generate the verification certificate by signing the verification code with the private key associated with the root certificate.

    gencert.sh verify cert-common-name verification-code generates the verification certificate for the given certificate common name (CN) and verification code.

    We use the copied verification code in the following command:


    Generate Verification Certificate

    The gencert.sh tool adds the visioncorp-verification-cert.pem file to the certs\visioncorp directory.

  7. Upload the signed certificate (visioncorp-verification-cert.pem) in the Verify Certificate dialog and confirm successful verification.


    Confirm successful verification

    Notice that the status of the root certificate changes from Known to Verified.


    Verified Root Certificate
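
The steps above amount to a proof-of-possession check: the server accepts the root certificate only once the uploader shows control of its private key. The following shell functions are an added example, not the gencert.sh script or the IoT server's own code. They assume the verification certificate carries the challenge code as its subject CN and is signed by the root key; the function names and the sample code value are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes the OpenSSL CLI with
# its default config (so "req -x509" marks the root as a CA).
# Assumption: the verification certificate has the challenge code as its
# subject CN and is signed with the root private key.

# make_root DIR CN: self-signed root, files named like the page's output.
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/$2-key.pem" -out "$1/$2-cert.pem" 2>/dev/null
}

# make_verification_cert DIR CN CODE: leaf with CN=CODE, signed by the root key.
make_verification_cert() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2-verification-key.pem" \
    -out "$1/$2-verification.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2-verification.csr" -days 1 \
    -CA "$1/$2-cert.pem" -CAkey "$1/$2-key.pem" -CAcreateserial \
    -out "$1/$2-verification-cert.pem" 2>/dev/null
}

# server_check ROOT_CERT VERIFICATION_CERT CODE: succeeds only if the
# verification cert chains to the uploaded root and its CN equals the code.
server_check() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  cn=$(openssl x509 -in "$2" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= //p')
  [ "$cn" = "$3" ]
}

# demo: runs the exchange with a constructed challenge code and two bad inputs.
demo() {
  d=$(mktemp -d) && mkdir "$d/forged" && code=3f9a1c7e5b2d4086  # constructed
  make_root "$d" visioncorp && make_verification_cert "$d" visioncorp "$code"
  # A second root with the same CN but a different key (no access to ours).
  make_root "$d/forged" visioncorp &&
    make_verification_cert "$d/forged" visioncorp "$code"
  root="$d/visioncorp-cert.pem"
  server_check "$root" "$d/visioncorp-verification-cert.pem" "$code" &&
    echo "signed with the root key: verified"
  server_check "$root" "$d/forged/visioncorp-verification-cert.pem" "$code" ||
    echo "same CN, different key: rejected"
  server_check "$root" "$d/visioncorp-verification-cert.pem" stale-code ||
    echo "wrong challenge code: rejected"
  rm -rf "$d"
}
```

Call demo to run all three cases. Only the two certificate files are ever uploaded; visioncorp-key.pem stays on the machine that generated it.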