Certificates for the device connectivity layer
To secure the endpoints of the device connectivity layer, we use X.509 certificate Public Key Infrastructure.
The kind of certificate used differs by endpoint.
Application and management endpoints
For all application and management endpoints world-trusted certificates, issued by well-known certificate authorities, are used.
This brings the advantage that most systems will be able to validate those certificates by default.
Device endpoints
For the device endpoints and protocol adapters we use a more narrowed down certificate approach.
Devices often do not have the resources to maintain and validate many multiple root CAs.Our device certificates are therefore all issued by the Let’s Encrypt Certificate Authority.
Device endpoint certificate
https://letsencrypt.org/certs/isrgrootx1.pem