Certificate validity


Hi, currently the AWS MQTT connection is established using the link below: https://docs.aws.amazon.com/freertos/latest/userguide/getting_started_espressif.html I can see through the AWS console that the certificate expiry is in the year 2050. I wanted to know:

  1. Can this expiry period be changed to 2060 or 2040 or any other?
  2. How to automate expiry check monitoring?
  3. How to renew certificates? Are new certificates required to be replaced? Please guide.
Asked 2 years ago · 1073 views

1 Answer

Hi.

  1. For a different expiry, you can't use AWS IoT to generate your certificates. You'll need your own CA. You can use ACM Private CA or your own PKI.
  2. One way to automate expiry check is with AWS IoT Device Defender: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-approaching-expiration.html
  3. Certificate rotation using AWS IoT Device Defender and AWS IoT Jobs: https://aws.amazon.com/blogs/iot/how-to-manage-iot-device-certificate-rotation-using-aws-iot/
AWS Expert Greg_B, answered 2 years ago
  • Hi Greg, thanks for the info. This is helpful in clearing doubts. The currently used AWS certificate created in 2022 (this year) is showing an expiry of 2050. Is the default expiry year: 28 years + created year? Please guide.

  • No. Expiry is always Dec 31 2049. It doesn't matter when the certificate is created: https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html

    X.509 certificates generated by AWS IoT expire at midnight UTC on December 31, 2049 (2049-12-31T23:59:59Z).
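
A self-run expiry check, as an added example that is not part of the thread or of AWS's own code: it walks the account's certificates through the boto3 IoT client calls `list_certificates` and `describe_certificate` and reports active certificates whose `notAfter` has passed or falls inside a window. The function name and the 30-day `window_days` default are assumptions made for this example.

```python
"""Flag AWS IoT device certificates that are expired or close to expiry."""
from datetime import datetime, timedelta, timezone


def expiring_certificates(iot, window_days=30, now=None):
    """Return [(certificateId, notAfter, days_left)], soonest expiry first.

    `iot` is a boto3 IoT client (or any object exposing the same
    get_paginator/describe_certificate calls). window_days=30 is an
    assumed threshold; pick one that covers your rotation lead time.
    """
    now = now or datetime.now(timezone.utc)
    cutoff = now + timedelta(days=window_days)
    findings = []
    for page in iot.get_paginator("list_certificates").paginate():
        for summary in page.get("certificates", []):
            # Only ACTIVE certificates are reported; others are skipped.
            if summary.get("status") != "ACTIVE":
                continue
            cert_id = summary["certificateId"]
            desc = iot.describe_certificate(certificateId=cert_id)
            not_after = desc["certificateDescription"]["validity"]["notAfter"]
            if not_after.tzinfo is None:  # treat naive timestamps as UTC
                not_after = not_after.replace(tzinfo=timezone.utc)
            if not_after <= cutoff:
                days_left = (not_after - now).days  # negative once expired
                findings.append((cert_id, not_after, days_left))
    return sorted(findings, key=lambda f: f[1])


if __name__ == "__main__":
    # Needs credentials allowing iot:ListCertificates and iot:DescribeCertificate.
    import boto3

    for cert_id, not_after, days_left in expiring_certificates(boto3.client("iot")):
        state = "EXPIRED" if days_left < 0 else f"{days_left} days left"
        print(f"{cert_id}  notAfter={not_after.isoformat()}  {state}")
```

Certificates generated by AWS IoT will not appear in the output until late 2049; the check matters for certificates issued by your own CA with shorter lifetimes.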
