I am researching securing IoT devices connecting to cloud services over the public internet. I am not using any of the cloud providers' certificate management services. I would like to set up our own to keep costs manageable.

While searching on this I came across CFSSL, Cloudflare’s PKI and TLS toolkit; it’s completely new to me.

Wondering if I can use CFSSL to generate self-signed certificates for each IoT device, and whether the device can use the certificate when it talks to our cloud services? Also, can I deactivate the existing certificate assigned to a specific device?

Appreciate any help on this.

You can use CFSSL to do what you are proposing. The tricky bit is having a secure process to put a unique certificate on each device, and ensuring it cannot be extracted from the device.

You can also use mTLS authentication to secure access between your devices and your web services on Cloudflare, with the authentication rooted in your CA.

There is a dedicated product for IoT devices, called Orbit, but I think you will have to contact CF to find out the details about what it offers.
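The three things the answer above describes (a private CA you own, one client certificate per device that the server checks under mTLS, and deactivating a device's certificate afterwards) are shown below as an added example; it is not code from the original thread or from the CFSSL project. It uses Go's standard `crypto/x509` package, the same library CFSSL is built on, rather than the `cfssl` command line, so it runs offline with no CFSSL install (Go 1.19 or newer for `ParseRevocationList`). The CA name, device IDs and the `DevicePKI`/`AuthenticateDevice` names are assumptions for the demo. In CFSSL the same steps are `cfssl gencert -initca` for the root, `cfssl gencert -ca ... -profile` for each device, and `cfssl revoke` plus `cfssl crl` against its certificate database for deactivation.

```go
// Added example: per-device client certificates from a private CA, the
// server-side mTLS check, and revocation via a signed CRL. Not CFSSL code.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DevicePKI is a toy private CA (assumed name): it issues one client
// certificate per device and remembers which serials have been revoked.
type DevicePKI struct {
	CA      *x509.Certificate
	caKey   *ecdsa.PrivateKey
	revoked map[string]time.Time // decimal serial -> revocation time
}

// NewDevicePKI creates a self-signed root able to sign certificates and CRLs.
func NewDevicePKI(name string) (*DevicePKI, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	spki, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	skid := sha1.Sum(spki) // subject key identifier, required on a CRL issuer
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		SubjectKeyId:          skid[:],
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &DevicePKI{CA: cert, caKey: key, revoked: map[string]time.Time{}}, nil
}

// IssueDevice mints a client-auth certificate whose CN is the device ID with a
// random 127-bit serial. The device key is generated here only for the demo;
// in production it is generated on the device (ideally in a secure element) and
// only a CSR leaves it, which is the extraction problem the answer warns about.
func (p *DevicePKI) IssueDevice(deviceID string, ttl time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, p.CA, &key.PublicKey, p.caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Revoke deactivates one device's certificate by serial number.
func (p *DevicePKI) Revoke(cert *x509.Certificate) {
	p.revoked[cert.SerialNumber.String()] = time.Now()
}

// CRL signs the current revocation set; this is what servers would fetch.
func (p *DevicePKI) CRL() ([]byte, error) {
	var entries []pkix.RevokedCertificate
	for s, t := range p.revoked {
		n, _ := new(big.Int).SetString(s, 10)
		entries = append(entries, pkix.RevokedCertificate{SerialNumber: n, RevocationTime: t})
	}
	tmpl := &x509.RevocationList{
		Number:              big.NewInt(time.Now().UnixNano()),
		ThisUpdate:          time.Now(),
		NextUpdate:          time.Now().Add(24 * time.Hour),
		RevokedCertificates: entries,
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, p.CA, p.caKey)
}

// AuthenticateDevice is the check an mTLS server runs (e.g. from
// tls.Config.VerifyPeerCertificate): chain to our CA, client-auth EKU,
// fresh CA-signed CRL, and serial not on it. Returns the device ID on success.
func AuthenticateDevice(ca *x509.Certificate, crlDER []byte, leaf *x509.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := leaf.Verify(opts); err != nil {
		return "", fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return "", err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return "", fmt.Errorf("crl: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return "", errors.New("crl: stale, refuse to trust it")
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return "", fmt.Errorf("certificate %s revoked at %s", leaf.SerialNumber, rc.RevocationTime.Format(time.RFC3339))
		}
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	pki, err := NewDevicePKI("Example IoT Root CA") // assumed name
	if err != nil {
		panic(err)
	}
	cert, _, _ := pki.IssueDevice("sensor-0001", 30*24*time.Hour)
	crl, _ := pki.CRL()
	fmt.Println(AuthenticateDevice(pki.CA, crl, cert))
	pki.Revoke(cert)
	crl, _ = pki.CRL()
	fmt.Println(AuthenticateDevice(pki.CA, crl, cert))
}
```

Two practical points the code makes explicit: revocation only "deactivates" a device if every server actually fetches and checks the CRL (or an OCSP responder) and refuses to proceed when it is stale, and a certificate from any other CA, even one with the same device ID, fails the chain check because trust is rooted solely in your own root.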

