Mistake on this page? Email us

Limitations for the certificate renewal

  • You cannot renew a bootstrap device certificate.
  • The device can handle only one request at a time.
  • You can renew a custom certificate using a certificate chain. However, if the new certificate chain is too large and the device doesn't have enough resources to handle it, the device returns a KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN error.

Certificate name restrictions

The certificate name stored on your device is used to uniquely identify a certificate to be renewed.

The following restrictions apply to the certificate name:

  • The certificate name is limited to 50 alphanumeric characters, including - and _.
  • The certificate name LWM2M is reserved for renewing the LwM2M certificate, which is used to establish a secure connection to Device Management.
  • Certificate name usage:
    • For a custom certificate:
      • You must provision a certificate, private key and, optionally, a public key with the same name onto your device in the factory. You can also use generated certificate/key pairs.
      • Use the exact same certificate name in your device code to consume the certificate.
    • Use the same name when configuring a third-party CA in Device Management.
    • Use the same name in all phases of the certificate renewal process.
    • If you are using the certificate renewal callback on the device, you will get the certificate name as a parameter to your callback.
  • The certificate name is case-sensitive; therefore, use the same letter case in all places. For example, do not use DLMS in one place and Dlms in another place.