Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Managing broker certificates

Written by
Updated at May 13, 2025

Note

The broker is at the Preview stage.

To start exchanging messages between broker clients, you must log in. This section describes how to manage broker certificates for the relevant authorization method.

Note

When using an X.509 certificate along with a password, the password has higher priority.

To access a broker, use its unique ID or name. For info on how to get the unique broker ID or name, see Getting information about a broker.

Getting a list of broker certificates

  1. In the management console, select the folder where the broker is located.
  2. Select IoT Core.
  3. In the left-hand panel, select Brokers.
  4. Select the broker. A list of certificates will be displayed in the Certificates section.

If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

Get a list of broker certificates:

yc iot broker certificate list --broker-name my-broker

Result:

+------------------------------------------+---------------------+
|               FINGERPRINT                |     CREATED AT      |
+------------------------------------------+---------------------+
| 0f511ea32139178edf73afb953a9cc********** | 2019-05-29 16:46:23 |
| 589ce1605019eeff7bb0992f290be0********** | 2019-05-29 16:40:48 |
+------------------------------------------+---------------------+

To get a list of broker certificates, use the listCertificates REST API method for the Broker resource or the BrokerService/ListCertificates gRPC API call.

Adding a certificate

  1. In the management console, select the folder to add the broker certificate to.

  2. Select IoT Core.

  3. In the left-hand panel, select Brokers.

  4. Select the appropriate broker from the list.

  5. On the Overview page, go to the Certificates section and click Add certificate.

    • To add a file:

      1. Choose the File method.
      2. Click Attach file.
      3. Select the certificate file on your computer and click Open.
      4. Click Add.

    • To add text:

      1. Choose the Text method.
      2. Insert the certificate body in the Content field.
      3. Click Add.

If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

Add a certificate to the broker:

yc iot broker certificate add \
  --broker-name my-broker \
  --certificate-file broker-cert.pem

Where:

  • --broker-name: Broker name.
  • --certificate-file: Path to the public part of the certificate.

Result:

broker_id: b91ki3851h**********
fingerprint: 589ce1605...
certificate_data: |
  -----BEGIN CERTIFICATE-----
  MIIE/jCCAuagAw...
  -----END CERTIFICATE-----
created_at: "2019-05-29T16:40:48.230Z"

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

To add a certificate to a broker created using Terraform:

  1. In the configuration file, describe the parameters of the resources you want to create:

    • yandex_iot_core_broker: Broker parameters:
      • name: Broker name.
      • description: Broker description.
      • certificates: List of broker certificates for authorization using certificates.

    Example broker description in the Terraform configuration:

    resource "yandex_iot_core_broker" "my_broker" {
  name        = "test-broker"
  description = "test broker for terraform provider documentation"
...
  certificates = [
    file("<path_to_first_certificate_file>"),
    file("<path_to_second_certificate_file>")
  ]
...
}

    For more information about the yandex_iot_core_broker resource parameters in Terraform, see the relevant provider documentation.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the configuration changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can verify broker certificates in the management console or using the following CLI command:

    yc iot broker certificate list --broker-name <broker_name>

To add a certificate to a broker, use the addCertificate REST API method for the Broker resource or the BrokerService/AddCertificate gRPC API call.

Deleting a certificate

  1. In the management console, select the folder to delete the broker certificate from.
  2. Select IoT Core.
  3. In the left-hand panel, select Brokers.
  4. Select the appropriate broker from the list.
  5. On the Overview page, go to the Certificates section.
  6. In the line with the certificate, click and select Delete from the drop-down list.
  7. In the window that opens, click Delete.

If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. Delete a broker certificate:

    yc iot broker certificate delete --broker-name my-broker --fingerprint 0f...

  2. Make sure the certificate was deleted:

    yc iot broker certificate list --broker-name my-broker

    Result:

    +-------------+------------+
| FINGERPRINT | CREATED AT |
+-------------+------------+
+-------------+------------+

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.

For more information about the provider resources, see the documentation on the Terraform website or mirror website.

If you do not have Terraform yet, install it and configure its Yandex Cloud provider.

To delete a broker certificate created using Terraform:

  1. Open the Terraform configuration file and delete the certificate value in the certificates block, in the broker description fragment. To remove all certificates, delete the entire certificates section.

    Example broker description in the Terraform configuration:

    resource "yandex_iot_core_broker" "my_broker" {
  name        = "test-broker"
  description = "test broker for terraform provider documentation"
...
  certificates = [
    file("<path_to_first_certificate_file>"),
    file("<path_to_second_certificate_file>")
  ]
...
}

    For more information about the yandex_iot_core_broker resource parameters in Terraform, see the relevant provider documentation.

  2. In the command line, change to the folder where you edited the configuration file.

  3. Make sure the configuration file is correct using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  4. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  5. Apply the configuration changes:

    terraform apply

  6. Confirm the changes: type yes into the terminal and press Enter.

    You can verify broker certificates in the management console or using the following CLI command:

    yc iot broker certificate list --broker-name <broker_name>

To delete a broker certificate, use the deleteCertificate REST API method for the Broker resource or the BrokerService/DeleteCertificate gRPC API call.

Previous
Managing device certificates
Next
Managing registry passwords