Hello,
We have received a CA certificate (TLS) chain file from an external entity which has a Root CA certificate and an intermediate CA certificate (ECU CA) which has been signed by the Root CA and also a device certificate which is signed by the ECU CA.
The CA certificate chain has been registered under AWS IoT --> Certificate Authorities.
However, the device certificate registration is failing with an error message which says "The certificate is not valid".
Steps followed:
**Scenario 1:**
- Navigate to AWS IoT --> All Devices --> Things
- Click on 'Create Things'
- Select Create one thing
- Provide a name
- Click on Next button
- In the "Configure device certificate" screen select 'Use my certificate' option
- Choose the option "CA is registered with AWS IoT"
- Choose the CA certificate from the dropdown box
- Choose and upload the device certificate
- Click on next button
- In the Policies screen choose a default policy and click on 'Create thing' button
- The error message "An error occurred while creating the thing. ResourceRegistrationFailureException: Register thing workflow execution terminates due to: The certificate is not valid." is displayed
**Scenario 2:**
- Navigate to AWS IoT --> Security --> Certificates
- Choose 'Register certificates' option from the Add Certificate drop down
- In the "Register certificates" screen select the option "CA is registered with AWS IoT"
- Choose the CA certificate from the dropdown box
- Choose and upload the device certificate under the Certificates section
- Click on 'Register' button
- The error message "The certificate is not valid" is displayed.
Need your assistance to resolve the issue.
Thanks.
The signature algorithm used is: rsassaPss
With one of the supported hash algorithms and with the mgf1 mask algorithm? And what are the key algorithm and key size, please?
Yes, it is RSA with SHA256 and the key size is 4096.
```
Signature Algorithm: rsassaPss
Hash Algorithm: sha256
Mask Algorithm: mgf1 with sha256
```
This works: