To request a CA to generate a device certificate you need a Certificate Signing Request (CSR). A CSR contains the device public key and metadata like CommonName, Org, serial number, etc., and is normally signed by the device private key. In this case, the FreeRTOS demo project does not contain the logic to create this CSR, so we can't perform this action on the device and we need a solution to generate the CSR outside the device without having access to the device private key.
If the private key is stored in a secure module on the device, we won't even be able to extract the device private key from the device to generate the CSR outside of the device. So we need an alternative way to create the CSR.
That's the reason the tempCsrSigner.key private key is generated outside the device. And this key pair is used to create the device CSR. The generated CSR now of course contains the wrong public key (tempCsrSigner).
-force_pubkey DevicePublicKey.pem to provide the actual device public key when you create the device certificate signed by your CA.
An important step that is omitted here is to verify that the CSR is signed by the tempCsrSigner.key before the device certificate is generated.
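
The flow described in this answer, including the CSR check it says is omitted, as an added example that is not part of the original answer. It uses throwaway keys generated on the spot, and every file name other than tempCsrSigner.key and DevicePublicKey.pem is an assumption.

```shell
#!/bin/sh
# Added example: throwaway keys only. File names other than tempCsrSigner.key
# and DevicePublicKey.pem are assumptions made for this demo.
set -eu

# Re-encode a public key (PEM on stdin); prints nothing if it cannot be parsed.
norm_pub() { openssl pkey -pubin 2>/dev/null; }
# Two normalised keys match only if the first is non-empty and both are equal.
same_key() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# The check the answer calls out: the CSR's self-signature verifies AND the key
# inside the CSR is the temporary signer's. Matches on the output text rather
# than relying on the exit status alone.
csr_signed_by() {  # usage: csr_signed_by <csr> <private-key>
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    same_key "$(openssl req -in "$1" -noout -pubkey | norm_pub)" \
             "$(openssl pkey -in "$2" -pubout | norm_pub)"
}

# True when the certificate carries exactly the given public key.
cert_has_pubkey() {  # usage: cert_has_pubkey <cert> <public-key.pem>
    same_key "$(openssl x509 -in "$1" -noout -pubkey | norm_pub)" "$(norm_pub < "$2")"
}

run_demo() (  # usage: run_demo <empty-dir>; body runs in a subshell
    cd "$1"
    # Stand-in CA and stand-in device key. On real hardware the private key stays
    # in the secure module and only DevicePublicKey.pem is exported.
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -x509 -new -key ca.key -subj "/CN=Demo CA" -days 30 -out ca.pem
    openssl ecparam -name prime256v1 -genkey -noout -out device.key
    openssl pkey -in device.key -pubout -out DevicePublicKey.pem
    # Temporary signer and the CSR it signs (which carries the wrong public key).
    openssl genrsa -out tempCsrSigner.key 2048 2>/dev/null
    openssl req -new -key tempCsrSigner.key -subj "/CN=demo-device" -out device.csr
    csr_signed_by device.csr tempCsrSigner.key || exit 1
    # Issue the certificate, swapping in the device public key.
    openssl x509 -req -in device.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -force_pubkey DevicePublicKey.pem -sha256 -days 30 -out deviceCert.pem 2>/dev/null
    cert_has_pubkey deviceCert.pem DevicePublicKey.pem
)

DEMO_DIR=$(mktemp -d)
run_demo "$DEMO_DIR"
echo "device certificate written to $DEMO_DIR/deviceCert.pem"
```

The signature on a CSR built this way proves possession of tempCsrSigner.key only, so the CA side still has to trust that DevicePublicKey.pem really came from the device.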