Internet of Things (IoT) PKI and Signing

Secure and compliant connected products, whether in Consumer IoT, IIoT, or OT, require trusted identities and signed code and updates. With EJBCA PKI and SignServer, you can issue unique device identities, enable secure communications, and sign firmware and software to ensure trust across the entire product lifecycle. Follow our step-by-step guides to get hands-on experience.

Get started with Matter IoT

Follow our tutorial to learn how to get started and set up an EJBCA PKI to issue Matter-compliant certificates for your smart home products.

• Issue Matter IoT-compliant certificates with EJBCA

Get started with birth identities based on IEEE 802.1AR

Learn how to configure EJBCA to generate device identities and test the mechanisms described in the IEEE standard 802.1 AR.

• Set up EJBCA to issue device identities based on IEEE 802.1AR

Set up trusted remote signing for Espressif ESP32 microcontroller

This tutorial demonstrates how a trusted remote signing process for the Espressif ESP32 microcontroller can be implemented by enabling SignServer code signing infrastructure with trusted certificates issued through EJBCA. 

• Implement Secure Boot V2 for Espressif ESP32 with SignServer

Set up code signing for secure firmware updates

This guide shows how to sign code in GitHub workflows:

• Sign Code in GitHub Workflows with GitHub Actions and SignServer

For general information on setting up code signing in SignServer, which can also be used for secure firmware updates, see Code Signing in the SignServer documentation.