Managing registry certificates
For devices and registries to begin exchanging data and commands, you need to log in. This section describes how to manage registry certificates for the appropriate authorization method.
Note
When using an X.509 certificate along with a password, the password has higher priority.
- Viewing a list of registry certificates
- Adding a certificate to a registry
- Deleting a registry certificate
To access a registry, use its unique ID or name. For information about how to find the unique ID or name, see Getting information about registries.
Getting a list of registry certificates
- In the management console
, select the folder where the registry is located. - Select IoT Core.
- Select the registry.
- On the Overview page, go to the Certificates section.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
Get a list of registry certificates:
yc iot registry certificate list --registry-name my-registry
Result:
+------------------------------------------+---------------------+
| FINGERPRINT | CREATED AT |
+------------------------------------------+---------------------+
| 0f511ea32139178edf73afb953a9cc39******** | 2019-05-29 16:46:23 |
| 589ce1605019eeff7bb0992f290be0cd******** | 2019-05-29 16:40:48 |
+------------------------------------------+---------------------+
To get a list of registry certificates, use the listCertificates REST API method for the Registry resource or the RegistryService/ListCertificates gRPC API call.
Adding a certificate
To add a certificate to a registry:
-
In the management console
, select the folder to add the registry certificate to. -
Select IoT Core.
-
Select the required registry from the list.
-
On the Overview page, go to the Certificates section and click Add certificate.
-
To add a file:
- Choose the
File
method. - Click Attach file.
- Specify the certificate file on your computer and click Open.
- Click Add.
- Choose the
-
To add text:
- Choose the
Text
method. - Insert the certificate body in the Content field.
- Click Add.
- Choose the
-
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
Add a certificate to the registry:
yc iot registry certificate add \
--registry-name my-registry \ # Registry name.
--certificate-file registry-cert.pem # Path to the public part of the certificate.
Result:
registry_id: b91ki3851hab********
fingerprint: 589ce1605...
certificate_data: |
-----BEGIN CERTIFICATE-----
MIIE/jCCAuagAw...
-----END CERTIFICATE-----
created_at: "2019-05-29T16:40:48.230Z"
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To add a certificate to a registry created using Terraform:
-
In the configuration file, describe the parameters of the resources you want to create:
yandex_iot_core_registry
: Registry parameters:name
: Registry name.description
: Registry description.certificates
: List of registry certificates for authorization using certificates.
Example registry description in the Terraform configuration:
resource "yandex_iot_core_registry" "my_registry" { name = "test-registry" description = "test registry for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }
For more information about the
yandex_iot_core_registry
resource parameters in Terraform, see the relevant provider documentation . -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can verify registry certificates using the management console
or this CLI command:yc iot registry certificate list --registry-name <registry_name>
To add a certificate to a registry, use the addCertificate REST API method for the Registry resource or the RegistryService/AddCertificate gRPC API call.
Deleting a certificate
To delete a registry certificate:
- In the management console
, select the folder to delete the registry certificate from. - Select IoT Core.
- Select the required registry from the list.
- On the Overview page, go to the Certificates section.
- In the line with the certificate, click
and select Delete from the drop-down list. - In the window that opens, click Delete.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
-
Delete a registry certificate:
yc iot registry certificate delete --registry-name my-registry --fingerprint 0f...
-
Make sure the certificate was deleted:
yc iot registry certificate list --registry-name my-registry
Result:
+-------------+------------+ | FINGERPRINT | CREATED AT | +-------------+------------+ +-------------+------------+
With Terraform
Terraform is distributed under the Business Source License
For more information about the provider resources, see the documentation on the Terraform
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To delete the certificate of a registry created using Terraform:
-
Open the Terraform configuration file and delete the certificate value in the
certificates
section, in the registry description fragment. To remove all certificates, delete the entirecertificates
section.Example registry description in the Terraform configuration:
resource "yandex_iot_core_registry" "my_registry" { name = "test-registry" description = "test registry for terraform provider documentation" ... certificates = [ file("<path_to_first_certificate_file>"), file("<path_to_second_certificate_file>") ] ... }
For more information about the
yandex_iot_core_registry
resource parameters in Terraform, see the relevant provider documentation . -
In the command line, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can verify registry certificates using the management console
or this CLI command:yc iot registry certificate list --registry-name <registry_name>
To delete a registry certificate, use the deleteCertificate REST API method for the Registry resource or the RegistryService/DeleteCertificate gRPC API call.