Managing broker certificates
Note
The broker is at the Preview stage.
To start exchanging messages between broker clients, you must log in. This section describes how to manage broker certificates for the relevant authorization method.
Note
When using an X.509 certificate along with a password, the password has higher priority.
- Viewing a list of broker certificates
- Adding a certificate to a broker
- Deleting a broker certificate
To access a broker, use its unique ID or name. For info on how to get the unique broker ID or name, see Getting information about a broker.
Getting a list of broker certificates
- In the management console
, select the folder where the broker is located. - Select IoT Core.
- In the left-hand panel, select Brokers.
- Select the broker. A list of certificates will be displayed in the Certificates section.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Get a list of broker certificates:
yc iot broker certificate list --broker-name my-broker
Result:
+------------------------------------------+---------------------+
| FINGERPRINT | CREATED AT |
+------------------------------------------+---------------------+
| 0f511ea32139178edf73afb953a9cc********** | 2019-05-29 16:46:23 |
| 589ce1605019eeff7bb0992f290be0********** | 2019-05-29 16:40:48 |
+------------------------------------------+---------------------+
To get a list of broker certificates, use the listCertificates REST API method for the Broker resource or the BrokerService/ListCertificates gRPC API call.
Adding a certificate
-
In the management console
, select the folder to add the broker certificate to. -
Select IoT Core.
-
In the left-hand panel, select Brokers.
-
Select the appropriate broker from the list.
-
On the Overview page, go to the Certificates section and click Add certificate.
-
To add a file:
- Choose the
File
method. - Click Attach file.
- Select the certificate file on your computer and click Open.
- Click Add.
- Choose the
-
To add text:
- Choose the
Text
method. - Insert the certificate body in the Content field.
- Click Add.
- Choose the
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Add a certificate to the broker:
yc iot broker certificate add \
--broker-name my-broker \
--certificate-file broker-cert.pem
Where:
--broker-name
: Broker name.--certificate-file
: Path to the public part of the certificate.
Result:
broker_id: b91ki3851h**********
fingerprint: 589ce1605...
certificate_data: |
-----BEGIN CERTIFICATE-----
MIIE/jCCAuagAw...
-----END CERTIFICATE-----
created_at: "2019-05-29T16:40:48.230Z"
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To add a certificate to a broker created using Terraform:
-
In the configuration file, describe the parameters of the resources you want to create:
yandex_iot_core_broker
: Broker parameters:name
: Broker name.description
: Broker description.certificates
: List of broker certificates for authorization using certificates.
Example broker description in the Terraform configuration:
resource "yandex_iot_core_broker" "my_broker" { name = "test-broker" description = "test broker for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }
For more information about the
yandex_iot_core_broker
resource parameters in Terraform, see the relevant provider documentation . -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can verify broker certificates in the management console
or using the following CLI command:yc iot broker certificate list --broker-name <broker_name>
To add a certificate to a broker, use the addCertificate REST API method for the Broker resource or the BrokerService/AddCertificate gRPC API call.
Deleting a certificate
- In the management console
, select the folder to delete the broker certificate from. - Select IoT Core.
- In the left-hand panel, select Brokers.
- Select the appropriate broker from the list.
- On the Overview page, go to the Certificates section.
- In the line with the certificate, click
and select Delete from the drop-down list. - In the window that opens, click Delete.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
Delete a broker certificate:
yc iot broker certificate delete --broker-name my-broker --fingerprint 0f...
-
Make sure the certificate was deleted:
yc iot broker certificate list --broker-name my-broker
Result:
+-------------+------------+ | FINGERPRINT | CREATED AT | +-------------+------------+ +-------------+------------+
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To delete a broker certificate created using Terraform:
-
Open the Terraform configuration file and delete the certificate value in the
certificates
block, in the broker description fragment. To remove all certificates, delete the entirecertificates
section.Example broker description in the Terraform configuration:
resource "yandex_iot_core_broker" "my_broker" { name = "test-broker" description = "test broker for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }
For more information about the
yandex_iot_core_broker
resource parameters in Terraform, see the relevant provider documentation . -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can verify broker certificates in the management console
or using the following CLI command:yc iot broker certificate list --broker-name <broker_name>
To delete a broker certificate, use the deleteCertificate REST API method for the Broker resource or the BrokerService/DeleteCertificate gRPC API call.