Hi, Currently AWS MQTT connection is established using below link: https://docs.aws.amazon.com/freertos/latest/userguide/getting_started_espressif.html I can see the certificate expiry is in 2050 year through AWS console. I wanted to know: 1. Can this expiry period be changed to 2060 or 2040 or any other? 2. How to automate expiry check monitoring 3. How to renew certificates? Are new certificates required to be replaced? Please guide.

Hi. 1. For a different expiry, you can't use AWS IoT to generate your certificates. You'll need your own CA. You can use [ACM Private CA](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaWelcome.html) or your own PKI. 2. One way to automate expiry check is with AWS IoT Device Defender: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-approaching-expiration.html 3. Certificate rotation using AWS IoT Device Defender and AWS IoT Jobs: https://aws.amazon.com/blogs/iot/how-to-manage-iot-device-certificate-rotation-using-aws-iot/

Certificate validity

Hi, Currently AWS MQTT connection is established using below link: https://docs.aws.amazon.com/freertos/latest/userguide/getting_started_espressif.html I can see the certificate expiry is in 2050 year through AWS console. I wanted to know:

Can this expiry period be changed to 2060 or 2040 or any other?
How to automate expiry check monitoring
How to renew certificates? Are new certificates required to be replaced? Please guide.

トピック

モノのインターネット (IoT)

タグ

AWS IoT Core

言語

English

AWS-User-4935529

質問済み 2年前1073ビュー

1回答

新しい順
投票が多い順
コメントが多い順

これらの回答は役に立ちましたか？コミュニティがあなたの知識を活用できるように、正解に賛成票を投じてください。

Hi.

For a different expiry, you can't use AWS IoT to generate your certificates. You'll need your own CA. You can use ACM Private CA or your own PKI.
One way to automate expiry check is with AWS IoT Device Defender: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-approaching-expiration.html
Certificate rotation using AWS IoT Device Defender and AWS IoT Jobs: https://aws.amazon.com/blogs/iot/how-to-manage-iot-device-certificate-rotation-using-aws-iot/

エキスパート

Greg_B

回答済み 2年前

AWS-User-4935529
2年前
Hi Greg, Thanks for info. This is helpful in clearing doubts. The currently used AWS certificate created in 2022 (this year) is showing expiry of 2050. Is default expiry year: 28 years + created year? Please guide.
Greg_B エキスパート
2年前
No. Expiry is always Dec 31 2049. It doesn't matter when the certificate is created: https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html

X.509 certificates generated by AWS IoT expire at midnight UTC on December 31, 2049 (2049-12-31T23:59:59Z).

Certificate validity

関連するコンテンツ