Skip to main content

For the RainMaker + Matter solution connecting to private RainMaker, how are device certificates generated?

For private RainMaker, certificates still reuse the Matter DAC but must be generated using esp-matter-mfg-tool with your private PAI key and certificate. The esp-rainmaker-cli tool cannot be used here.

Single device:

esp-matter-mfg-tool --dac-in-secure-cert \
    -v <vendor-id> -p <product-id> \
    --pai -k <pai-key> -c <pai-cert> -cd <cert-declaration> \
    --csv /path/to/keys.csv --mcsv /path/to/master.csv

Batch generation (e.g., 5 devices): Add -n 5. In master.csv, duplicate the private RainMaker MQTT endpoint on separate rows — one row per device:

mqtt_host,
<your-private-mqtt-endpoint>
<your-private-mqtt-endpoint>
<your-private-mqtt-endpoint>
<your-private-mqtt-endpoint>
<your-private-mqtt-endpoint>

After generating certificates, register the output CSV (/out/<vendor-id>_<product-id>/cn_dacs-<date>-<time>.csv) to the private RainMaker platform using esp-rainmaker-admin-cli or the private RainMaker Dashboard.