X.509 Certificate Service in EnOS¶
EnOS provides the X.509 Certificate Service to enforce X.509 certificate-based bi-directional authentication for all communication sessions between the EnOS Edge and IoT Hub.
In cryptography, X.509 is a standard that defines the format of the public key certificate, which is an electronic document used to prove the ownership of a public key. The X.509 certificate is defined by the RFC5280 standard. X.509 certificates are issued by a trusted entity of the Public-key Infrastructure (PKI) called Certification Authority (CA).
- Asymmetric keys, which ensure that sensitive cryptographic material never leaves the devices.
- Stronger client authentication.
- Public-key Infrastructure (PKI), is a set of roles, policies, and procedures that are needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
- Certification Authority (CA), is an entity that issues digital certificates.
- Certificate signing request (CSR), is a message sent from the certificate applicant to the certificate authority to apply for an X.509 certificate.
- Certificate Revocation List (CRL), is a time-stamped list that maintains the revoked certificates of the CA.
- Retrieving the root CA certificate
- Retrieving the certification revocation list
Three functions are available through REST APIs in IoT hub.