Best way to provision device level certificates

Are there device-level certificates that we may access (certs that were created during the initial provisioning process)?

I have an application that I would like to communicate with an mqtt server.

I would like to configure mqtt to use certificates. If the device is compromised, I would like the ability to revoke the certificates.

Ideally, I would like to use certificates that are already on the device vs developing a custom device certificate provisioning system (if possible). Thanks for any insight!



You haven’t mentioned AWS IoT - but I’ll link our docs for the same, since we are practically doing the same thing that you want there.

What we do is put the device specific certs as device environment variables in the dashboard (you can also use our SDK to do that). So each device gets its own credentials to talk to the MQTT server. And then you can revoke them as and when you need.

Balena devices have certificates on them - that are needed to securely communicate with balena’s servers. These won’t be useful for your use case since we don’t have an MQTT offering that you can use. So the certs that you want would have to be different - and provisioned by you. Hopefully the process I mentioned above is something that works for you!
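The per-device flow described in the answer (each device gets its own client certificate and key delivered through device environment variables, and a compromised device's certificate is revoked rather than a shared one) can be sketched in a small Python client-side helper. This is an added example and not code from the original thread, balena, or any MQTT library. The variable names `MQTT_CLIENT_CERT`, `MQTT_CLIENT_KEY` and `MQTT_CA_CERT` are assumptions chosen for this example; `BALENA_DEVICE_UUID` is the identifier balena sets on devices, but its value here is constructed. The PEM blobs are constructed placeholders (valid PEM framing around arbitrary bytes) so the fingerprinting and revocation logic runs offline; `build_client_context` needs a real certificate and key and is therefore only wired up for use, not exercised by the sample data.

```python
"""
Per-device MQTT credentials read from device environment variables, with a
certificate-fingerprint revocation list. Added example, not balena's or any
project's code. Env var names MQTT_CLIENT_CERT / MQTT_CLIENT_KEY / MQTT_CA_CERT
are assumptions; all PEM contents below are constructed placeholders.
"""
import base64
import hashlib
import os
import ssl
import stat
import tempfile


def constructed_pem(der: bytes) -> str:
    """Wrap arbitrary bytes in PEM certificate framing (constructed test data only)."""
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed device environment, as balena would expose it to the container.
CONSTRUCTED_ENV = {
    "BALENA_DEVICE_UUID": "0123456789abcdef",  # value constructed
    "MQTT_CLIENT_CERT": constructed_pem(b"device-0123456789abcdef-client-cert"),
    "MQTT_CLIENT_KEY": "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n",
    "MQTT_CA_CERT": constructed_pem(b"constructed-broker-ca-cert"),
}


def pem_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes of a PEM certificate, hex-encoded.
    The fingerprint, not the device name, is what a revocation list keys on."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def materialize_credentials(env: dict, directory: str) -> dict:
    """Write cert, key and CA from env vars into files an MQTT client can load.
    Files are created 0600 so other processes in the container cannot read the key."""
    names = {"cert": "MQTT_CLIENT_CERT", "key": "MQTT_CLIENT_KEY", "ca": "MQTT_CA_CERT"}
    paths = {}
    for kind, var in names.items():
        value = env.get(var)
        if not value:
            # Refuse to start with shared or missing credentials.
            raise KeyError(f"{var} is not set; device was not provisioned with it")
        path = os.path.join(directory, f"{kind}.pem")
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            fh.write(value)
        paths[kind] = path
    return paths


class RevocationList:
    """Set of revoked certificate fingerprints (what you would maintain when a
    device is compromised; the broker or a pre-flight check consults it)."""

    def __init__(self, revoked=()):
        self._revoked = set(revoked)

    def revoke(self, pem: str) -> None:
        self._revoked.add(pem_fingerprint(pem))

    def is_revoked(self, pem: str) -> bool:
        return pem_fingerprint(pem) in self._revoked


def build_client_context(paths: dict) -> ssl.SSLContext:
    """TLS context for mutual auth: verify the broker against our CA and present
    this device's own certificate. Requires a real cert/key on disk."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=paths["ca"])
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_cert_chain(paths["cert"], paths["key"])
    return ctx


def provision_and_check(env: dict, revoked: RevocationList) -> dict:
    """Pre-flight a device: materialize its credentials, then report whether its
    certificate is still allowed to connect."""
    directory = tempfile.mkdtemp(prefix="mqtt-creds-")
    paths = materialize_credentials(env, directory)
    cert_pem = env["MQTT_CLIENT_CERT"]
    return {
        "device": env.get("BALENA_DEVICE_UUID"),
        "fingerprint": pem_fingerprint(cert_pem),
        "key_mode": stat.S_IMODE(os.stat(paths["key"]).st_mode),
        "allowed": not revoked.is_revoked(cert_pem),
        "paths": paths,
    }


if __name__ == "__main__":
    rl = RevocationList()
    print(provision_and_check(CONSTRUCTED_ENV, rl))
    rl.revoke(CONSTRUCTED_ENV["MQTT_CLIENT_CERT"])
    print(provision_and_check(CONSTRUCTED_ENV, rl))
```

With real PEM material in the environment, the context from `build_client_context` is what you hand to the MQTT library (for paho-mqtt, `client.tls_set_context(ctx)`); because every device presents a distinct certificate, revoking one device's fingerprint on the broker side locks out only that device.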