Certificates management messages

The certificate renewal procedure has the following sequence:

1. Cloud -> Device: renewCertificatesNotification
2. Device -> Cloud: issueUnitCertificates
3. Cloud -> Device: issuedUnitCertificates
4. Device -> Cloud: installUnitCertificatesConfirmation

Certificate renewal notification

This message is sent from AosCloud to the unit to force it to begin the certificate update procedure.

The message structure is shown below:

{
    "header": {
        "version": 5,
        "messageType": "renewCertificatesNotification",
        "systemId": "uid"
    },
    "data": {
        "certificates": [
            {
                "type": "offline",
                "nodeId": "node0",
                "serial": "48FAC66F9994BA0EA0BC71EE6E0CAB79A0A2E6DF",
                "validTill": "ISO-TIME"
            },
            {
                "type": "online",
                "nodeId": "node0",
                "serial": "48FAC66F9994BA0EA0BC71EE6E0CAB79A0A2E6DF",
                "validTill": "ISO-TIME"
            }
        ],
        "unitSecureData": "CMS binary data"
    }
}

| Field | Required | Description |
|---|---|---|
| type | + | Certificate type. Currently only "online" and "offline" are supported |
| nodeId | - | ID of the node where the certificate should be renewed |
| serial | - | The serial number of the certificate |
| validTill | * | The end date of the certificate |

Certificate renew confirmation

The “Certificate renew confirmation” message is sent from a unit to AosCloud to confirm that the certificate update process is finished.

{
    "header": {
        "version": 5,
        "messageType": "installUnitCertificatesConfirmation",
        "systemId": "uid"
    },
    "data": {
        "certificates": [
            {
                "type": "online",
                "nodeId": "node0",
                "serial": "NEW_SERIAL_NUMBER1",
                "status": "installed"
            },
            {
                "type": "offline",
                "nodeId": "node0",
                "serial": "NEW_SERIAL_NUMBER2",
                "status": "error",
                "description": "error description"
            }
        ]
    }
}

Issue new certificate

The “Issue new certificate” message is sent from a unit to AosCloud to request issuance of new certificates.

{
    "header": {
        "version": 5,
        "messageType": "issueUnitCertificates",
        "systemId": "uid"
    },
    "data": {
        "requests": [
            {
                "type": "online",
                "nodeId": "node0",
                "csr": "PEM or Base64 encoded DER CSR string"
            },
            {
                "type": "offline",
                "nodeId": "node0",
                "csr": "PEM or Base64 encoded DER CSR string"
            }
        ]
    }
}

| Field | Required | Description |
|---|---|---|
| type | + | The certificate type (online/offline) |
| publicKey | + | The new public key |
| publicKeySignUsingNewKey | + | The signature over the public key, made using the newly generated private key |

Issue new certificate response

The “Issue new certificate response” message is sent from AosCloud to the unit as the response to a certificate issue request.

{
    "header": {
        "version": 5,
        "messageType": "issuedUnitCertificates",
        "systemId": "uid"
    },
    "data": {
        "certificates": [
            {
                "type": "online",
                "nodeId": "node0",
                "certificateChain": "Certificate1 pem"
            },
            {
                "type": "offline",
                "nodeId": "node0",
                "certificateChain": "Certificate2 pem"
            }
        ]
    }
}
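
Unit-side handling of the last two steps of the sequence, as an added example (not AosCloud or Aos unit code): a certificate from issuedUnitCertificates is accepted only for a (type, nodeId) pair the unit itself requested in issueUnitCertificates, and the per-certificate outcome is reported in installUnitCertificatesConfirmation. The `build_confirmation` function, the `install` hook, the sample values and the omission of `serial` when installation fails are assumptions.

```python
SUPPORTED_TYPES = {"online", "offline"}  # the two types the page lists

def build_confirmation(request_msg, issued_msg, install):
    """Match issuedUnitCertificates against the unit's own issueUnitCertificates
    request and build installUnitCertificatesConfirmation.

    install(cert_type, node_id, chain_pem) is a hypothetical hook that installs
    the chain and returns the new serial, or raises on failure.
    Returns (confirmation, rejected); rejected entries were never installed.
    """
    req_hdr, hdr = request_msg["header"], issued_msg["header"]
    if hdr.get("messageType") != "issuedUnitCertificates":
        raise ValueError("unexpected messageType")
    if hdr.get("systemId") != req_hdr["systemId"]:
        raise ValueError("systemId does not match this unit")
    # (type, nodeId) pairs this unit actually sent a CSR for.
    pending = {(r["type"], r["nodeId"]) for r in request_msg["data"]["requests"]}
    results, rejected = [], []
    for cert in issued_msg["data"]["certificates"]:
        key = (cert.get("type"), cert.get("nodeId"))
        if key[0] not in SUPPORTED_TYPES or key not in pending:
            rejected.append(cert)  # unsolicited or duplicate entry
            continue
        pending.discard(key)
        entry = {"type": key[0], "nodeId": key[1]}
        try:
            entry["serial"] = install(key[0], key[1], cert["certificateChain"])
            entry["status"] = "installed"
        except Exception as exc:  # report per-certificate failure to the cloud
            entry.update(status="error", description=str(exc))
        results.append(entry)
    header = dict(req_hdr, messageType="installUnitCertificatesConfirmation")
    return {"header": header, "data": {"certificates": results}}, rejected

# Constructed sample messages (placeholder values, not real certificates).
REQUEST = {"header": {"version": 5, "messageType": "issueUnitCertificates", "systemId": "uid"},
           "data": {"requests": [{"type": "online", "nodeId": "node0", "csr": "CSR1"},
                                 {"type": "offline", "nodeId": "node0", "csr": "CSR2"}]}}
ISSUED = {"header": {"version": 5, "messageType": "issuedUnitCertificates", "systemId": "uid"},
          "data": {"certificates": [
              {"type": "online", "nodeId": "node0", "certificateChain": "Certificate1 pem"},
              {"type": "offline", "nodeId": "node0", "certificateChain": "Certificate2 pem"},
              {"type": "online", "nodeId": "node9", "certificateChain": "Certificate3 pem"}]}}

def demo_install(cert_type, node_id, chain_pem):
    """Constructed stand-in for the real installer."""
    if cert_type == "offline":
        raise RuntimeError("error description")
    return "NEW_SERIAL_NUMBER1"
```

Calling `build_confirmation(REQUEST, ISSUED, demo_install)` installs the "online" chain for node0, reports the "offline" one with status "error", and returns the unrequested node9 entry in the rejected list without passing it to the installer.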