Limitations for the certificate renewal
- You cannot renew a bootstrap device certificate.
- The device can handle only one request at a time.
- You can renew a custom certificate using a certificate chain. However, if the new certificate chain is too large and the device doesn't have enough resources to handle it, the device returns a KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN error.
Certificate name restrictions
The certificate name stored on your device is used to uniquely identify a certificate to be renewed.
The following restrictions apply to the certificate name:
- The certificate name is limited to 50 alphanumeric characters, including "-" and "_".
- The certificate name LWM2M is reserved for renewing the LwM2M certificate, which is used to establish a secure connection to Device Management.
- Certificate name usage:
  - For a custom certificate:
    - You must provision a certificate, private key and, optionally, a public key with the same name onto your device in the factory. You can also use generated certificate/key pairs.
    - Use the exact same certificate name in your device code to consume the certificate.
    - Use the same name when configuring a third-party CA in Device Management.
    - Use the same name in all phases of the certificate renewal process.
    - If you are using the certificate renewal callback on the device, you will get the certificate name as a parameter to your callback.
- The certificate name is case-sensitive; therefore, use the same letter case in all places. For example, do not use DLMS in one place and Dlms in another place.
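The name restrictions above can be checked before a custom certificate name is provisioned or used in device code. The following is an added example, not code from the device client or Device Management. All identifiers in it are hypothetical, "alphanumeric" is assumed to mean ASCII letters and digits, and rejecting an empty name is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define CERT_NAME_MAX_LEN 50              /* limit stated on this page */
#define CERT_NAME_RESERVED_LWM2M "LWM2M"  /* reserved for the LwM2M certificate */

typedef enum {
    CERT_NAME_OK = 0,
    CERT_NAME_EMPTY,          /* assumption: an empty name is rejected */
    CERT_NAME_TOO_LONG,
    CERT_NAME_BAD_CHAR,
    CERT_NAME_RESERVED,
    CERT_NAME_CASE_MISMATCH,  /* same letters, different case (DLMS vs Dlms) */
    CERT_NAME_MISMATCH
} cert_name_status;

/* ASCII-only test; isalnum() is avoided because it is locale-dependent. */
static int cert_name_char_ok(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_';
}

static char ascii_lower(char c)
{
    return (c >= 'A' && c <= 'Z') ? (char)(c - 'A' + 'a') : c;
}

/* Validate a name intended for a custom (non-LwM2M) certificate. */
cert_name_status check_custom_cert_name(const char *name)
{
    size_t i;
    if (name == NULL || name[0] == '\0') return CERT_NAME_EMPTY;
    for (i = 0; name[i] != '\0'; i++) {
        if (i >= CERT_NAME_MAX_LEN) return CERT_NAME_TOO_LONG;
        if (!cert_name_char_ok(name[i])) return CERT_NAME_BAD_CHAR;
    }
    if (strcmp(name, CERT_NAME_RESERVED_LWM2M) == 0) return CERT_NAME_RESERVED;
    return CERT_NAME_OK;
}

/* Compare the name used in device code with the name configured elsewhere. */
cert_name_status compare_cert_names(const char *a, const char *b)
{
    size_t i = 0;
    if (strcmp(a, b) == 0) return CERT_NAME_OK;
    while (a[i] != '\0' && b[i] != '\0' && ascii_lower(a[i]) == ascii_lower(b[i])) i++;
    return (a[i] == '\0' && b[i] == '\0') ? CERT_NAME_CASE_MISMATCH : CERT_NAME_MISMATCH;
}
```

Reporting a case-only difference separately from a plain mismatch makes the DLMS/Dlms mistake visible before a renewal request is made with a name the device does not recognize.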