What is the certificate chain of IoT certificates? Could I download the truststore of IoT client certificates?
No you can't. The CA used to issue device certificates using AWS IoT is ephemeral. Once the device certificate is registered in AWS IoT Core, the CA is no longer needed or used.
I think one solution is to have my own root CA that issues certificates for the IoT Core connection and the API Gateway connection.
Right.
Because I already have around 1000 devices and certificates issued by AWS, what happens to them if I decide to use my own root CA to issue new IoT client certificates?
Those 1000 devices will still be able to connect to AWS IoT Core, so long as those certificates are still in the AWS IoT Core registry. You would need to rotate the certificates on those devices if you want to connect to API gateway using mTLS.
https://aws.amazon.com/blogs/iot/how-to-manage-iot-device-certificate-rotation-using-aws-iot/
What's the best approach to allow an IoT device access an API with mTLS? Should I have two certificates and private keys in the device, one for IoT Core and one for API?
You might instead consider making use of the AWS IoT credential provider, and access the API using IAM: https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html. A single certificate and key grants you access.
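The single-certificate flow suggested in the reply above, written out as an added example (it is not code from the thread or from AWS): the device presents the X.509 certificate already registered in AWS IoT Core to the IoT credentials provider over mTLS and receives short-lived IAM credentials, which it then uses to call the API instead of carrying a second certificate. The endpoint, role alias, thing name and file paths are assumed placeholders.

```python
"""Obtain temporary AWS credentials from the AWS IoT credentials provider
with the device's registered certificate (mTLS), stdlib only."""
import http.client
import json
import ssl
from datetime import datetime, timezone

# Assumed placeholders: the account's credential-provider endpoint
# (`aws iot describe-endpoint --endpoint-type iot:CredentialProvider`),
# a role alias created in AWS IoT Core, and the device's files.
CREDENTIAL_ENDPOINT = "EXAMPLE.credentials.iot.us-east-1.amazonaws.com"
ROLE_ALIAS = "example-api-access-role-alias"
THING_NAME = "example-device-0001"
DEVICE_CERT = "device.pem.crt"       # certificate registered in IoT Core
DEVICE_KEY = "device.private.key"
AMAZON_ROOT_CA = "AmazonRootCA1.pem"  # to verify the provider's server cert


def credentials_request(role_alias, thing_name):
    """Path and headers the credentials provider expects (HTTP GET)."""
    return (f"/role-aliases/{role_alias}/credentials",
            {"x-amzn-iot-thingname": thing_name})


def parse_credentials(body):
    """Parse the provider's JSON; reject malformed or already-expired data."""
    creds = json.loads(body)["credentials"]
    expiration = datetime.fromisoformat(creds["expiration"].replace("Z", "+00:00"))
    if expiration <= datetime.now(timezone.utc):
        raise ValueError("credentials provider returned expired credentials")
    return {"aws_access_key_id": creds["accessKeyId"],
            "aws_secret_access_key": creds["secretAccessKey"],
            "aws_session_token": creds["sessionToken"],
            "expiration": expiration}


def fetch_credentials(endpoint=CREDENTIAL_ENDPOINT, role_alias=ROLE_ALIAS,
                      thing_name=THING_NAME):
    """mTLS GET to the credentials provider; returns temporary IAM credentials."""
    ctx = ssl.create_default_context(cafile=AMAZON_ROOT_CA)
    ctx.load_cert_chain(certfile=DEVICE_CERT, keyfile=DEVICE_KEY)  # client auth
    path, headers = credentials_request(role_alias, thing_name)
    conn = http.client.HTTPSConnection(endpoint, 443, context=ctx, timeout=10)
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        body = resp.read().decode()
        if resp.status != 200:
            raise RuntimeError(f"credentials provider returned {resp.status}: {body}")
        return parse_credentials(body)
    finally:
        conn.close()
```

The returned keys can be handed to a SigV4 signer (for example a boto3 Session built from them) to call an IAM-authorized API Gateway endpoint; the credentials expire, so re-fetch them before the returned `expiration` and keep the device certificate as the only long-lived secret.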