In any network where data communication occurs, authentication is crucial for establishing a secure and trustworthy communication channel. In Zoho IoT, Transport Layer Security (TLS) ensures that the data transmitted between the device and the server originates from a trusted source, thereby maintaining the integrity of the data.
When using MQTT gateway devices in the IoT setup, it is recommended to use Client Certificate with TLS as the authentication type. In this case, the application uses TLS to authenticate self-signed X.509 client certificates. Associating a certificate with an MQTT device enables the device to prove its identity to the server and communicate with it securely.
Certificate Creation
Zoho IoT Application provides the following two ways in which you can create a certificate:
- Using the Create Certificate option
- When associating a certificate with an MQTT device
1. Using the Create Certificate option
Certificates can be created using the Add Certificate option in the application. Certificates created using this method can be associated with any existing MQTT device that is registered with the Client Certificate with TLS authentication type.

Note: During gateway creation, the MQTT device must be created with the Client Certificate option to allow mapping the certificate to the gateway.
2. When Associating a Certificate with an MQTT Device
Certificates can also be created and associated while adding MQTT devices. During device creation, the authentication type must be set to Client Certificate with TLS. Upon registration of the MQTT device, the Associate Certificate option is displayed to associate any certificate with the device. Here, you can also create a new certificate if required and associate it.
Contents of the Certificate Zip File
Upon creating a certificate, a zip file containing the following files is generated. Download and save the file immediately after creation; it is needed later.

| File | Description |
| --- | --- |
| <cert_name>.cert.pem | Contains the digital certificate in PEM (Privacy Enhanced Mail) format. PEM is a commonly used format for encoding and exchanging digital certificates, private keys, and other secure information. |
| <cert_name>.public.key | Contains the public key that corresponds to the private key in the private.key file. The public key is used to encrypt data that can only be decrypted with the corresponding private key. |
| <cert_name>.private.key | Contains the private key that corresponds to the public key in the public.key file. |
| ZohoIoTServerRootCA.pem | Contains the public key and other identifying information of the root CA. It is used to establish trust between different entities by allowing them to verify the digital signature on the certificates that are issued by the root CA. |

Note: Client Certificates in the IoT Application are created with 10 years of validity.
Downloading the Certificate
The generated certificate, along with private and public keys, can be downloaded from this popup window as a compressed zip file or as individual files.

Warning: The certificate zip file contains the certificate, the private key, and the public key. Once the Certificate Details popup is closed, only the certificate will be available for download. You may need to generate a new certificate if the zip file fails to download or is misplaced. The private key is not stored in the database and is therefore not available for download later.
Downloading the Root CA Certificate
The ZohoIoTServerRootCA.pem file is the Root Certificate Authority (CA) certificate that must be downloaded and installed on systems that do not have a trusted root certificate store available. It contains the public key and other information needed to establish trust between entities by allowing them to verify the digital signature on certificates issued by the root CA. In other words, this file acts as the trust anchor the device uses to authenticate the identity of the Zoho IoT server during secure communication.

Note: Multiple devices can use the same set of certificate files. Multiple certificates can be associated with a single device using the Associate Certificate option. However, only one certificate can be used at a time for connectivity.

Refer to the Certificate Usage document for more details.
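How a gateway would consume the files described above, as an added example rather than Zoho's own code: it loads <cert_name>.cert.pem and <cert_name>.private.key as the client identity, checks that the private key actually belongs to the certificate and that the certificate is inside its validity period, loads ZohoIoTServerRootCA.pem as the trust anchor for verifying the server, and builds the mutual-TLS configuration an MQTT client library would take. The broker host name, and the assumption that the MQTT library accepts a Go *tls.Config, are not from the page. WriteConstructedCert generates throwaway self-signed files under the zip's file names so the example runs offline; real files come only from the Zoho IoT application.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"time"
)

// DeviceCredentials is what an MQTT gateway needs for Client Certificate with TLS authentication.
type DeviceCredentials struct {
	Leaf    *x509.Certificate // parsed <cert_name>.cert.pem
	TLSCert tls.Certificate   // certificate paired with <cert_name>.private.key
	RootCAs *x509.CertPool    // ZohoIoTServerRootCA.pem, used to authenticate the server
}

// LoadDeviceCredentials reads the files from the downloaded zip and checks them
// before the device attempts a connection.
func LoadDeviceCredentials(certFile, keyFile, rootCAFile string) (*DeviceCredentials, error) {
	// LoadX509KeyPair fails when private.key does not belong to cert.pem, so a wrong key is caught early.
	tlsCert, err := tls.LoadX509KeyPair(certFile, keyFile)
	if err != nil {
		return nil, fmt.Errorf("client certificate/private key: %w", err)
	}
	leaf, err := x509.ParseCertificate(tlsCert.Certificate[0])
	if err != nil {
		return nil, fmt.Errorf("parse client certificate: %w", err)
	}
	if now := time.Now(); now.Before(leaf.NotBefore) || now.After(leaf.NotAfter) {
		return nil, fmt.Errorf("client certificate not currently valid (expires %s)", leaf.NotAfter.Format(time.RFC3339))
	}
	rootPEM, err := os.ReadFile(rootCAFile)
	if err != nil {
		return nil, fmt.Errorf("read root CA: %w", err)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(rootPEM) {
		return nil, fmt.Errorf("%s contains no PEM-encoded certificate", rootCAFile)
	}
	return &DeviceCredentials{Leaf: leaf, TLSCert: tlsCert, RootCAs: pool}, nil
}

// TLSConfig is the mutual-TLS configuration handed to an MQTT client library that
// accepts a *tls.Config (assumed); serverName is the broker host from the application.
func (c *DeviceCredentials) TLSConfig(serverName string) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{c.TLSCert}, // proves the device's identity to the server
		RootCAs:      c.RootCAs,                    // the server certificate must chain to the root CA
		ServerName:   serverName,
		MinVersion:   tls.VersionTLS12,
	}
}

// WriteConstructedCert writes a self-signed certificate to dir/certFile and, when keyBase is set,
// <keyBase>.private.key and <keyBase>.public.key beside it. Constructed test fixture only.
func WriteConstructedCert(dir, cn, certFile, keyBase string) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(10, 0, 0), // the page states 10 years of validity
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	write := func(file, typ string, b []byte) error {
		return os.WriteFile(filepath.Join(dir, file), pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: b}), 0o600)
	}
	if err := write(certFile, "CERTIFICATE", der); err != nil || keyBase == "" {
		return err // the root CA fixture ships as a certificate only
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return err
	}
	pubDER, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		return err
	}
	if err := write(keyBase+".private.key", "EC PRIVATE KEY", keyDER); err != nil {
		return err
	}
	return write(keyBase+".public.key", "PUBLIC KEY", pubDER)
}
```

Calling LoadDeviceCredentials at gateway startup turns the situation the warning above describes (a misplaced zip or a private key paired with the wrong certificate) into a clear error before any connection attempt, because the key/certificate match is checked locally rather than discovered as a failed handshake.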
Associating Certificate to Policy
Every certificate must be mapped to a policy. In general, a policy defines a set of rules and operations. These rules fall under two broad categories: "Device communication with the application" and "Application communication with the device". Tasks such as "Telemetry Data", "Device Notification/Event Data", "Subscribe to Command", and "Edge Agent Configuration" are divided among these categories. You can activate one or more actions to define a policy and assign it to a certificate. When the certificate is associated with a device, it ensures the device performs only the actions configured in the policy.
Example: Consider a gateway device that has one or more certificates. The device can use any of these certificates to connect to the application. However, the actions the device can perform depend on the policy assigned to the certificate it uses.
Certificate Views
List View
The list view of the certificate can be accessed from the End Application by clicking Devices > Certificates in the left pane.
Certificate Details View
The details view contains the details of the certificate along with the associated policy. This view can be accessed by clicking on the certificate name in the list view.
Devices View
The devices view contains references to the associated devices. It can be accessed by clicking the certificate name in the list view described above and then clicking the Attached Gateways tab.

Timeline View
The activities performed on the certificate are listed in the Timeline tab.

FAQ: What is the validity of the Client Certificate and the Org Root Certificate from which the client certificate is created?
The validity of the Client Certificate is 10 years, and the validity of the Org Root Certificate from which the client certificate is created is 20 years.