Share a Gateway cert between gateways?

0

Is it possible to have a single, pre-defined gateway certificate to share between gateways? I understand this is not ideal from a security setup, but it would make provisioning new gateways onto IoT Wireless much easier. When creating a gateway in the web console the only option provided is to create a new gateway certificate, but I was hoping it would be possible to define using the CLI or API and pre-load it onto a gateway.

Also, a second question - are the server trust certs the same for all gateways? While also in the web console provisioning a gateway, the CUPS & LNS cert download appears to not actually create new certs, which I assume means they are common across all gateways for my CUPS & LNS endpoints?

2 Answers
1
Accepted Answer

Hi,

Q1) You can use the API https://docs.aws.amazon.com/iot-wireless/2020-11-22/apireference/API_AssociateWirelessGatewayWithCertificate.html or the CLI https://docs.aws.amazon.com/cli/latest/reference/iotwireless/associate-wireless-gateway-with-certificate.html for that purpose. As you mentioned, it's not optimal from a security standpoint.

See this example for automation: https://github.com/aws-samples/aws-iot-core-lorawan/tree/main/automation

Q2) Server trust certs are for authenticating cloud endpoints for LNS and CUPS. As long as gateways connect to the same endpoint, the server trust certs are the same. Practically, that means that you can use the same one for the same account and region combination.

Answered 2 years ago
1

As of now https://docs.aws.amazon.com/iot-wireless/2020-11-22/apireference/API_AssociateWirelessGatewayWithCertificate.html will not allow a cert to be shared. This rule is there because we consider each Gateway as an individual client to the IoTWireless service.

AWS
Answered a year ago
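One way to keep provisioning simple while giving every gateway its own certificate, as the answers above describe: this is an added example, not code from the thread or from the linked AWS sample repository. It uses the boto3 `iot` and `iotwireless` clients (passed in as arguments); the gateway names, EUIs and the `US915` region in the demo are constructed sample values.

```python
"""Per-gateway certificates for AWS IoT Core for LoRaWAN (added example)."""


def fetch_server_trust(iotwireless):
    """CUPS/LNS endpoint and server trust: fetched once, the same for every
    gateway that connects to this account and region."""
    out = {}
    for service in ("CUPS", "LNS"):
        resp = iotwireless.get_service_endpoint(ServiceType=service)
        out[service] = {"endpoint": resp["ServiceEndpoint"],
                        "trust": resp["ServerTrust"]}
    return out


def provision_gateway(iot, iotwireless, name, gateway_eui, rf_region):
    """Create one gateway, mint a certificate for it alone, and associate them."""
    gw = iotwireless.create_wireless_gateway(
        Name=name, LoRaWAN={"GatewayEui": gateway_eui, "RfRegion": rf_region})
    cert = iot.create_keys_and_certificate(setAsActive=True)
    iotwireless.associate_wireless_gateway_with_certificate(
        Id=gw["Id"], IotCertificateId=cert["certificateId"])
    return {"gateway_id": gw["Id"],
            "certificate_id": cert["certificateId"],
            "certificate_pem": cert["certificatePem"],
            "private_key": cert["keyPair"]["PrivateKey"]}


def provision_fleet(iot, iotwireless, gateways, rf_region):
    """Provision (name, eui) pairs. Duplicate EUIs are rejected before any API
    call so a bad list cannot leave half-created gateways behind."""
    euis = [eui.lower() for _, eui in gateways]
    if len(set(euis)) != len(euis):
        raise ValueError("duplicate GatewayEui in fleet list")
    trust = fetch_server_trust(iotwireless)
    bundles = []
    for (name, _), eui in zip(gateways, euis):
        bundle = provision_gateway(iot, iotwireless, name, eui, rf_region)
        bundle["cups_endpoint"] = trust["CUPS"]["endpoint"]
        bundle["cups_trust"] = trust["CUPS"]["trust"]  # shared, not secret
        bundles.append(bundle)
    return bundles


if __name__ == "__main__":
    import boto3  # needs AWS credentials; values below are constructed samples
    fleet = [("gw-site-a", "a1b2c3d4e5f60001"), ("gw-site-b", "a1b2c3d4e5f60002")]
    for b in provision_fleet(boto3.client("iot"), boto3.client("iotwireless"),
                             fleet, "US915"):
        print(b["gateway_id"], b["certificate_id"], b["cups_endpoint"])
```

Each returned bundle holds a private key that belongs on exactly one gateway, so revoking one certificate cuts off one device rather than the fleet.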
