Open source IoT X509 certificate management

Open source IoT X509 certificate management

Zibawa has now launched open source software for creating your own public key infrastructure for IoT devices.

The software is designed to allow user devices to request,download and automatically renew X509 client certificates, taking the headache out of device password management.  The system administration panel allows administrators to approve initial requests, and if necessary revoke certificates.

Many common IoT software such as mosquitto or rabbitMQ offer the option to use X509 certificates in place of usernames and passwords, but although a more robust solution, is often not used due to the complexities of managing certificate renewal.  The Zibawa software enables manufacturers and maintainers of IoT devices to deploy devices with identical firmware code.  When a device is deployed, it will request a certificate from the IoT_pki backend (which initially must be approved by the system administrator).  From then on, the same firmware can renew certificates as often as necessary without the need for human interaction.

Below shown the admin screens for approving certificate requests, or for revoking certificates.



A test python client is also available which downloads and renews an example X509 certificate to your PC.

The software is freely available on GitHub.


Comments are closed.