© 2026 Direct Cursus Technology L.L.C.
Managing broker certificates

Written by
Yandex Cloud
Updated at June 18, 2026
  • Getting a list of broker certificates
  • Adding a certificate
  • Deleting a certificate

Warning

Yandex IoT Core is no longer available to new users.

Current users can create resources until November 1, 2026. Afterwards, the service will go read-only and cease to operate on December 1, 2026. For more information on the timing and procedure, see Service shutdown.

Note

The broker is at the Preview stage.

Broker clients must authenticate before they can exchange messages. This section describes how to manage broker certificates for certificate-based authentication.

Note

When using an X.509 certificate along with a password, the password has higher priority.

  • Viewing a list of broker certificates
  • Adding a certificate to a broker
  • Deleting a broker certificate

To access a broker, use its unique ID or name. For info on how to get the unique broker ID or name, see Getting information about a broker.

Getting a list of broker certificates

Management console
  1. In the management console, select the folder where the broker is located.
  2. Go to IoT Core.
  3. In the left-hand panel, select Brokers.
  4. Select the broker. A list of certificates will be displayed in the Certificates section.

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

Get a list of broker certificates:

yc iot broker certificate list --broker-name my-broker

Result:

+------------------------------------------+---------------------+
|               FINGERPRINT                |     CREATED AT      |
+------------------------------------------+---------------------+
| 0f511ea32139178edf73afb953a9cc********** | 2019-05-29 16:46:23 |
| 589ce1605019eeff7bb0992f290be0********** | 2019-05-29 16:40:48 |
+------------------------------------------+---------------------+

API

To get a list of broker certificates, use the listCertificates REST API method for the Broker resource or the BrokerService/ListCertificates gRPC API call.

Adding a certificate

Management console
  1. In the management console, select the folder to add the broker certificate to.

  2. Navigate to IoT Core.

  3. In the left-hand panel, select Brokers.

  4. Select the appropriate broker from the list.

  5. On the Overview page, go to the Certificates section and click Add certificate.

    • To add a file:

      1. Select the File method.
      2. Click Attach file.
      3. Select the certificate file on your computer and click Open.
      4. Click Add.
    • To add text:

      1. Select the Text method.
      2. Insert the certificate body in the Content field.
      3. Click Add.

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

Add a certificate to the broker:

yc iot broker certificate add \
  --broker-name my-broker \
  --certificate-file broker-cert.pem

Where:

  • --broker-name: Broker name.
  • --certificate-file: Path to the public part of the certificate.

Result:

broker_id: b91ki3851h**********
fingerprint: 589ce1605...
certificate_data: |
  -----BEGIN CERTIFICATE-----
  MIIE/jCCAuagAw...
  -----END CERTIFICATE-----
created_at: "2019-05-29T16:40:48.230Z"

Terraform

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), authenticate using the appropriate method.

To add a certificate to a broker created using Terraform:

  1. In the configuration file, specify the properties of the resources you want to create:

    • yandex_iot_core_broker: Broker parameters:
      • name: Broker name.
      • description: Broker description.
      • certificates: List of broker certificates for authentication with certificates.

    Example broker description in the Terraform configuration:

    resource "yandex_iot_core_broker" "my_broker" {
      name        = "test-broker"
      description = "test broker for terraform provider documentation"
    ...
      certificates = [
        file("<path_to_first_certificate_file>"),
        file("<path_to_second_certificate_file>")
      ]
    ...
    }
    

    For more information about yandex_iot_core_broker properties, see this Terraform provider guide.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using this command:

    terraform validate
    

    If the configuration is valid, you will get this message:

    Success! The configuration is valid.
    
  4. Run this command:

    terraform plan
    

    You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.

  5. Apply the configuration changes:

    terraform apply
    
  6. Confirm the changes: type yes into the terminal and press Enter.

    You can verify broker certificates using the management console or this CLI command:

    yc iot broker certificate list --broker-name <broker_name>
    

API

To add a certificate to a broker, use the addCertificate REST API method for the Broker resource or the BrokerService/AddCertificate gRPC API call.

Deleting a certificate

Management console
  1. In the management console, select the folder to delete the broker certificate from.
  2. Navigate to IoT Core.
  3. In the left-hand panel, select Brokers.
  4. Select the appropriate broker from the list.
  5. On the Overview page, go to the Certificates section.
  6. In the line with the certificate, click and select Delete from the drop-down list.
  7. In the window that opens, click Delete.

CLI

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. Delete a broker certificate:

    yc iot broker certificate delete --broker-name my-broker --fingerprint 0f...
    
  2. Make sure the certificate was deleted:

    yc iot broker certificate list --broker-name my-broker
    

    Result:

    +-------------+------------+
    | FINGERPRINT | CREATED AT |
    +-------------+------------+
    +-------------+------------+
    

Terraform

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the relevant documentation on the Terraform website or its mirror.

If you do not have Terraform yet, install it and configure the Yandex Cloud provider.

To manage infrastructure using Terraform under a service account or user accounts (a Yandex account, a federated account, or a local user), authenticate using the appropriate method.

To delete a broker certificate created using Terraform:

  1. Open the Terraform configuration file and delete the certificate value in the certificates block, in the broker description fragment. To remove all certificates, delete the entire certificates section.

    Example broker description in the Terraform configuration:

    resource "yandex_iot_core_broker" "my_broker" {
      name        = "test-broker"
      description = "test broker for terraform provider documentation"
    ...
      certificates = [
        file("<path_to_first_certificate_file>"),
        file("<path_to_second_certificate_file>")
      ]
    ...
    }
    

    For more information about yandex_iot_core_broker properties, see this Terraform provider guide.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using this command:

    terraform validate
    

    If the configuration is valid, you will get this message:

    Success! The configuration is valid.
    
  4. Run this command:

    terraform plan
    

    You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.

  5. Apply the configuration changes:

    terraform apply
    
  6. Confirm the changes: type yes into the terminal and press Enter.

    You can verify broker certificates using the management console or this CLI command:

    yc iot broker certificate list --broker-name <broker_name>
    

API

To delete a broker certificate, use the deleteCertificate REST API method for the Broker resource or the BrokerService/DeleteCertificate gRPC API call.
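
When a broker certificate is replaced, the order of the add and delete steps matters: deleting the old certificate before the new one is attached leaves the broker with no certificate for clients to authenticate against. The script below is an added example, not part of the Yandex Cloud documentation. It parses the table printed by yc iot broker certificate list and prints delete commands for review only if the replacement fingerprint is already listed. The function names, sample fingerprints and dates are constructed for illustration.

```shell
#!/bin/sh
# Added example: plan a certificate rotation from the table printed by
# `yc iot broker certificate list`. Nothing here calls yc; the delete
# commands are only printed so they can be reviewed before being run.

# Constructed sample listing (fingerprints and dates are made up).
SAMPLE_LISTING='+------------------------------------------+---------------------+
|               FINGERPRINT                |     CREATED AT      |
+------------------------------------------+---------------------+
| aaaaaaaaaabbbbbbbbbbccccccccccdddddddddd | 2019-05-29 16:46:23 |
| 1111111111222222222233333333334444444444 | 2024-02-01 09:00:00 |
+------------------------------------------+---------------------+'

# list_fingerprints: read the table on stdin and print
# "fingerprint<TAB>created_at" per data row (borders and header are skipped).
list_fingerprints() {
  awk -F'|' 'NF >= 4 {
    fp = $2; ts = $3
    gsub(/^[ \t]+|[ \t]+$/, "", fp)
    gsub(/^[ \t]+|[ \t]+$/, "", ts)
    if (fp ~ /^[0-9a-fA-F]+$/) printf "%s\t%s\n", tolower(fp), ts
  }'
}

# rotation_plan BROKER NEW_FP: read the table on stdin. Return 1 unless NEW_FP
# is already attached to the broker; otherwise print one delete command for
# every other certificate in the listing.
rotation_plan() {
  broker=$1
  new_fp=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  rows=$(list_fingerprints)
  if ! printf '%s\n' "$rows" | cut -f1 | grep -qxF "$new_fp"; then
    echo "refusing: $new_fp is not attached to $broker yet" >&2
    return 1
  fi
  printf '%s\n' "$rows" | while IFS="$(printf '\t')" read -r fp ts; do
    if [ "$fp" != "$new_fp" ]; then
      printf 'yc iot broker certificate delete --broker-name %s --fingerprint %s  # created %s\n' \
        "$broker" "$fp" "$ts"
    fi
  done
}
```

Pipe the real listing into rotation_plan with the broker name and the fingerprint returned by yc iot broker certificate add. An empty listing, like the one shown after the delete step above, also makes it refuse.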
