Skip to main content

Certificates

Devices authenticate via mutual TLS (mTLS), which establishes a trusted end-to-end connection between the device and Nexigon Hub. Nexigon does not prescribe any specific origin for certificates and, by default, generates self-signed certificates on each device upon provisioning. Device certificates can be managed through Nexigon's UI and created, deleted, and modified through Nexigon's API. This enables a flexible integration with third-party CAs and identity providers, if so desired.

Each device certificate has a status that can be one of the following:

  • Pending: The certificate has been created but not yet accepted.
  • Active: The certificate has been accepted and can be used to authenticate.
  • Rejected: The certificate has been rejected.
  • Revoked: The certificate has been revoked.

Devices can only establish a connection by presenting an active device certificate.