Skip to content

feat: Add self-signed certificate generation for nRF91x1 devices#85

Open
topiasjokiniemi-nordic wants to merge 2 commits intomainfrom
tojo/D2C-269-selfsignedcert-attestation-script
Open

feat: Add self-signed certificate generation for nRF91x1 devices#85
topiasjokiniemi-nordic wants to merge 2 commits intomainfrom
tojo/D2C-269-selfsignedcert-attestation-script

Conversation

@topiasjokiniemi-nordic
Copy link
Copy Markdown

@topiasjokiniemi-nordic topiasjokiniemi-nordic commented May 7, 2026
edited
Loading

New flow for generating self signed certificates for 91x1 devices.

By default it prints deviceId and self-signed cert to terminal output.
Supports flag (--csv filename.csv) to create CSV which can directly be used to onboard the device(s)

Example usage:

poetry run nrf91_gather_self_signed_certs --port /dev/ttyACM0 --clear-sectag --csv devices.csv

Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new CLI utility to generate self-signed certificate attestations on nRF91x1 devices and optionally write onboarding-friendly CSV output, along with a comprehensive new test suite and CLI/packaging wiring.

Changes:

  • Introduces nrf91_gather_self_signed_certs CLI flow (UUID read, offline mode, optional sectag clear, AT%KEYGEN=...,14,2, stdout + optional CSV).
  • Adds unit + integration-style tests covering parsing, modem FW gating, AT interactions, and CSV behaviors.
  • Registers the new command in the unified nrfcloud-utils CLI and as a standalone Poetry script entrypoint.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
tests/test_nrf91_gather_self_signed_certs.py New unit/integration tests for UUID retrieval, KEYGEN self-signed flow, CSV writing, and main() orchestration.
src/nrfcloud_utils/nrf91_gather_self_signed_certs.py New CLI implementation for generating self-signed certificate attestations and emitting/writing onboarding output.
src/nrfcloud_utils/cli.py Adds the new module to the multi-command dispatcher.
pyproject.toml Adds the new console script entrypoint.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/nrfcloud_utils/nrf91_gather_self_signed_certs.py Outdated
Comment thread src/nrfcloud_utils/nrf91_gather_self_signed_certs.py Outdated
Comment thread src/nrfcloud_utils/nrf91_gather_self_signed_certs.py
@pascal-nordic
Copy link
Copy Markdown
Contributor

pascal-nordic commented May 11, 2026

@topiasjokiniemi-nordic could you update the ADVANCED.md with instructions on how to use this? If you think we should promote this mechanism on top of our current onboarding process, you could extend it in the documentation. The only issue I see about promoting it now with the latest NCS is that users still can have device ID as IMEI and not UUID which this depends on it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@pascal-nordic pascal-nordic Awaiting requested review from pascal-nordic

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@topiasjokiniemi-nordic @pascal-nordic