The JITP demo directly uses the CA and attaches a JITP template to it. I’d need to investigate to see if you could use an intermediate CA to sign your device certificate and see if it would inherit your JITP template.
Well I would rather not provision any type of CA certificate to the device. Also the python scripts used for creating the JITR certificates require a thingname to be specified when creating the device certificate which is not what I want with JITP since the thingname is provided by the template. I am just unsure of what certificate is suppose to be parsed in for keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM ? Correct me if I am wrong but from what I understood, keyCLIENT_PRIVATE_KEY_PEM should be the private key of the device certificate and keyCLIENT_CERTIFICATE_PEM should be the device certificate itself and keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM is not needed for JITP.