Managing device certificate
Using a signed certificate
ClearBlade IoT Core can verify device public key certificates against self-signed CA certificates and CA certificates generated by a trusted third party. Once you have CA certificates, add them to a registry. For more information, see "Generating CA certificates at https://docs.clearblade.com.
ClearBlade IoT Core verifies CA certificates at the registry level, so all CA certificates must be associated with a registry. You can add a certificate to multiple registries.
Certificate expiry
ClearBlade IoT Core supports multiple active keys (up to 3 per device) to allow uninterrupted rotation. The service will try to verify JWTs with each active key and will accept a connection if any active key matches.
Note:
Niagara requires that you upload a new certificate before the token expires and that you select the new certificate under Token parameters.
Support is provided to rotate keys per device by allowing concurrent keys to be registered and support for expiration time per credential. However, the key rotation is not implemented in Niagara.