Certificate and private key generation and Provisioning process


I’d like to get some clarification on the certificate and private key generation, as well as provisioning process in general.

Mender has AWS IoT Core integration, so would it be correct to assume that the flow looks something like below?

Thank you.

Let me formulate the question more clearly, as I believe clarifying this aspect will help many current and potential Mender users.

The first stage in deploying and managing devices remotely is provisioning. Provisioning essentially brings the devices online and gets them connected securely to cloud services. For deploying thousands of devices in production, one must automate this process.

Generally, the provisioning process looks like this: IoT devices connect to the cloud solution first, automatically establishing the initial connection between the device and the IoT solution by registering the device, and then applying the proper configuration to the device based on some specific requirements. A typical workflow would be:
Step 1) Device private key installation (completed on the factory side).
Step 2) Configure the servers to connect to the device (a hosted Mender server and the AWS IoT Core service on the server side, and the Mender Client on the device side).
Step 3) Update the device to the latest configuration over-the-air (done during the first device connection).
Step 4) Authenticate and register the device in all relevant cloud services on the backend (done after the device has been updated).

The question is how to automate the first two steps with Mender, given the server-side and device-side configuration described above.

Don’t know if this helps, but my company pre-authorises devices in Mender when we stock the devices in our factory, by integrating use of the Mender server API into our stocking software.
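The factory-side part of the workflow above (Step 1, key installation, plus pre-authorising the device so its first connection is accepted without manual approval, as the previous reply describes) can be scripted. The following is an added example written for this thread, not code from Mender or from either poster. It assumes an RSA-3072 key in PKCS#8 PEM (what a current Mender client generates for itself when no key exists at its default path), that `identity_data` is the JSON the client's identity script reports (a MAC address here, which is the default), that the management endpoint is `POST /api/management/v2/devauth/devices` with a management JWT as a bearer token, and that the `cryptography` package is installed. The MAC, server name and token are constructed placeholders.

```python
"""Factory-side key generation and Mender pre-authorisation (added example).

Assumptions (not taken from the forum thread):
  * RSA-3072 key in PKCS#8 PEM, matching what the Mender client would otherwise
    generate on first boot; the private half is written into the device image.
  * identity_data is exactly what the client's identity script reports; here a
    single MAC address, which is the client's default identity.
  * Pre-auth endpoint: POST /api/management/v2/devauth/devices with a management
    JWT in the Authorization header; 201 Created on success.
"""
import json
import urllib.request

from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa

# Default key location the Mender client reads on the device (assumption).
DEVICE_KEY_PATH = "/var/lib/mender/mender-agent.pem"


def generate_device_key(bits: int = 3072):
    """Return (private_pem, public_pem) for one device, both as str."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=bits)
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.PKCS8,
        serialization.NoEncryption(),  # protect at rest on the device instead (0600 / TPM)
    ).decode()
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    ).decode()
    return private_pem, public_pem


def build_preauth_payload(identity: dict, public_pem: str) -> dict:
    """Build the pre-auth body; reject keys the server could not parse."""
    if not public_pem.startswith("-----BEGIN PUBLIC KEY-----"):
        raise ValueError("pubkey must be a PEM SubjectPublicKeyInfo block")
    serialization.load_pem_public_key(public_pem.encode())  # raises on garbage
    return {"identity_data": identity, "pubkey": public_pem}


def preauthorize(server: str, token: str, payload: dict,
                 opener=urllib.request.urlopen) -> int:
    """POST the payload to the device-auth management API; return HTTP status.

    `opener` is injectable so the call can be exercised without a live server.
    """
    req = urllib.request.Request(
        server.rstrip("/") + "/api/management/v2/devauth/devices",
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": "Bearer " + token},
        method="POST",
    )
    with opener(req) as resp:
        return resp.status


if __name__ == "__main__":
    import os

    priv, pub = generate_device_key()
    # Constructed identity; in a real flow it comes from the stocking database
    # and must match what the device's identity script will report.
    payload = build_preauth_payload({"mac": "00:11:22:33:44:55"}, pub)
    # `priv` would be written to DEVICE_KEY_PATH inside the device image.
    print(json.dumps(payload, indent=2))
    if os.environ.get("MENDER_TOKEN"):
        status = preauthorize(os.environ.get("MENDER_SERVER", "https://hosted.mender.io"),
                              os.environ["MENDER_TOKEN"], payload)
        print("pre-auth status:", status)
```

The pre-authorised record only matches if `identity_data` is byte-for-byte what the client later sends, so the factory tool should derive it from the same source the device's identity script uses (here, the MAC). Keep the private key out of the stocking database: write it into the device image or a secure element and discard the factory copy once the public key has been submitted.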