Device Gateway: Certificate Management
G-SDK uses SSL/TLS X.509 certificates for secure communication. The certificates fulfill two functions. First, they can assist with authenticating and verifying the identity of a device gateway. Second, they enable the encryption of communication packets. Please note that the private keys should not be shared with anyone.
Device gateway alone
When you use a device gateway alone, you need the following certificates.
- ca_cert
- The root CA certificate in PEM format. You can create it using -c command line option. Your applications also need this file to authenticate the device gateway.
- ca_key
- The private key of the root CA in PEM format. It will be created with ca_cert.
- server_cert
- The server certificate of the device gateway in PEM format. You can create it using -c or -cs command line option. Your application will authenticate this certificate with the ca_cert.
- server_key
- The private key of the server certificate in PEM format. It will be created with server_cert.
With master gateway
The master gateway adopts mutual authentication for more secure communication. So, if you want the device gateway to connect to a master gateway, you need the following certificates, too.
- master_ca_cert
- The root CA of the master gateway in PEM format. It will be used to authenticate the master gateway. See server certificate for creating this certificate.
- gateway_cert
- The client certificate in PEM format to connect to the master gateway. See gateway certificate for creating this certificate.
- gateway_key
- The private key of the client certificate in PEM format. It will be created with gateway_cert.