Managing registry certificates
For devices and registries to begin exchanging data and commands, you need to log in. This section describes how to manage registry certificates for the appropriate authorization method.
Note
When using an X.509 certificate along with a password, the password has higher priority.
- Viewing a list of registry certificates
- Adding a certificate to a registry
- Deleting a registry certificate
To access a registry, use its unique ID or name. For information about how to find the unique ID or name, see Getting information about registries.
Getting a list of registry certificates
- In the management console, select the folder where the registry is located.
- Select IoT Core.
- Select the registry.
- On the Overview page, go to the Certificates section.
If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.
The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.
Get a list of registry certificates:
yc iot registry certificate list --registry-name my-registry
Result:
+------------------------------------------+---------------------+
| FINGERPRINT | CREATED AT |
+------------------------------------------+---------------------+
| 0f511ea32139178edf73afb953a9cc39******** | 2019-05-29 16:46:23 |
| 589ce1605019eeff7bb0992f290be0cd******** | 2019-05-29 16:40:48 |
+------------------------------------------+---------------------+
To get a list of registry certificates, use the listCertificates REST API method for the Registry resource or the RegistryService/ListCertificates gRPC API call.
Adding a certificate
To add a certificate to a registry:
-
In the management console, select the folder to add the registry certificate to.
-
Select IoT Core.
-
Select the required registry from the list.
-
On the Overview page, go to the Certificates section and click Add certificate.
-
To add a file:
- Choose the
Filemethod. - Click Attach file.
- Specify the certificate file on your computer and click Open.
- Click Add.
- Choose the
-
To add text:
- Choose the
Textmethod. - Insert the certificate body in the Content field.
- Click Add.
- Choose the
-
If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.
Add a certificate to the registry:
yc iot registry certificate add \
--registry-name my-registry \ # Registry name.
--certificate-file registry-cert.pem # Path to the public part of the certificate.
Result:
registry_id: b91ki3851hab********
fingerprint: 589ce1605...
certificate_data: |
-----BEGIN CERTIFICATE-----
MIIE/jCCAuagAw...
-----END CERTIFICATE-----
created_at: "2019-05-29T16:40:48.230Z"
With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.
For more information about the provider resources, see the documentation on the Terraform website or mirror website.
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
To add a certificate to a registry created using Terraform:
-
In the configuration file, describe the parameters of the resources you want to create:
yandex_iot_core_registry: Registry parameters:name: Registry name.description: Registry description.certificates: List of registry certificates for authorization using certificates.
Example registry description in the Terraform configuration:
resource "yandex_iot_core_registry" "my_registry" { name = "test-registry" description = "test registry for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }For more information about the
yandex_iot_core_registryresource parameters in Terraform, see the relevant provider documentation. -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planThe terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesinto the terminal and press Enter.You can verify registry certificates using the management console or this CLI command:
yc iot registry certificate list --registry-name <registry_name>
To add a certificate to a registry, use the addCertificate REST API method for the Registry resource or the RegistryService/AddCertificate gRPC API call.
Deleting a certificate
To delete a registry certificate:
- In the management console, select the folder to delete the registry certificate from.
- Select IoT Core.
- Select the required registry from the list.
- On the Overview page, go to the Certificates section.
- In the line with the certificate, click and select Delete from the drop-down list.
- In the window that opens, click Delete.
If you do not have the Yandex Cloud (CLI) command line interface yet, install and initialize it.
-
Delete a registry certificate:
yc iot registry certificate delete --registry-name my-registry --fingerprint 0f... -
Make sure the certificate was deleted:
yc iot registry certificate list --registry-name my-registryResult:
+-------------+------------+ | FINGERPRINT | CREATED AT | +-------------+------------+ +-------------+------------+
With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. These files store the infrastructure description written in HashiCorp Configuration Language (HCL). If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
Terraform is distributed under the Business Source License. The Yandex Cloud provider for Terraform is distributed under the MPL-2.0 license.
For more information about the provider resources, see the documentation on the Terraform website or mirror website.
If you do not have Terraform yet, install it and configure its Yandex Cloud provider.
To delete the certificate of a registry created using Terraform:
-
Open the Terraform configuration file and delete the certificate value in the
certificatessection, in the registry description fragment. To remove all certificates, delete the entirecertificatessection.Example registry description in the Terraform configuration:
resource "yandex_iot_core_registry" "my_registry" { name = "test-registry" description = "test registry for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }For more information about the
yandex_iot_core_registryresource parameters in Terraform, see the relevant provider documentation. -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validateIf the configuration is correct, you will get this message:
Success! The configuration is valid. -
Run this command:
terraform planThe terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply -
Confirm the changes: type
yesinto the terminal and press Enter.You can verify registry certificates using the management console or this CLI command:
yc iot registry certificate list --registry-name <registry_name>
To delete a registry certificate, use the deleteCertificate REST API method for the Registry resource or the RegistryService/DeleteCertificate gRPC API call.