How to verify incomplete device certificates using verification code

Product/components used and version/fix level are you on:

Cumulocity 10.16

Detailed explanation of the problem:

With 10.16 release previously valid device certificates get the incomplete status due to the new proof of possession feature.

How to fix it:

  1. Open the Trusted Certificates page in Device Management

  2. Open your incomplete cert and copy the unsigned verification code

  3. Write the code to a file named “message”

  4. Execute the following command in a shell

    openssl dgst -sha256 -sign <private-key.pem> message | openssl base64 -A

  5. Copy the output into the signed verification code box in the device dialog and click verify.

Your certificate should now be valid again!

3 Likes