In devicemanagement, one can onboard devices with a certificate but after onboarding, there is no possibility to authenticate with certificates.
It would be a big added value for security and management of our clients, since no credentials would be needet.
The big issue with device onboarding with certificates is the missing CRL or OCSP. For both usecases (onboarding and authentication) CRL and/or OCSP is a must, since without this funcionality, there is no possibility to revoke compremiced certificates
Thanks a lot for the feedback.
Supporting CRL or OCSP to be able to revoke individual certificates is an important feature on our backlog.
What do you refer to with "there is no possibility to authenticate with certificates". A device is able at any time to authenticate to the platform using its individual certificates. Details are described here: https://cumulocity.com/guides/device-sdk/mqtt/#device-certificates