Call Device Shadow RestAPI and authenticate TLS mutual authentication with a client certificate.

https://docs.aws.amazon.com/iot/latest/developerguide/device-shadow-rest-api.html As mentioned in document above: The Device Shadow service accepts two forms of authentication: Signature Version 4 with IAM credentials or TLS mutual authentication with a client certificate. How can we get client certificate? Is it the one I downloaded when create thing in IOT Core?

Topics

Internet of Things (IoT)Developer Tools

Tags

AWS IoT Core Developer Tools

Language

English

rePost-User-2684239

asked a year ago230 views

1 Answer

Newest
Most votes
Most comments

Are these answers helpful? Upvote the correct answer to help the community benefit from your knowledge.

Hi. Yes that is one way to get a client certificate (and associated private key). And the easiest way when you're getting started.

Note that a device will typically use the MQTT topics (not the REST API) to interact with shadows: https://docs.aws.amazon.com/iot/latest/developerguide/device-shadow-mqtt.html

If you use one of our IoT Device SDKs, they have shadow support (on the MQTT topics) built-in: https://docs.aws.amazon.com/iot/latest/developerguide/iot-sdks.html#iot-device-sdks

EXPERT

Greg_B

answered a year ago

rePost-User-2684239
a year ago
I am using postman to test API request to Device Shadow REST API. But got Forbidden error after config client certificate. If I using access keys and private keys, it works. Could you have any example using client certificate?

Greg_B EXPERT

a year ago

Here's how you do it with curl: https://docs.aws.amazon.com/iot/latest/developerguide/http.html

curl --tlsv1.2 \
    --cacert Amazon-root-CA-1.pem \
    --cert device.pem.crt \
    --key private.pem.key \
    --request POST \
    --data "{ \"message\": \"Hello, world\" }" \
    "https://IoT_data_endpoint:8443/topics/topic?qos=1"

Relevant content

CloudHSMv2 Force "TLS client-server mutual authentication" or disable default key on HSM
AWS-User-8882385
asked 2 years ago
NICE DCV client TLS certificate authentication ("security/certificate-to-user-file" configuration parameter usage)
Accepted Answer
Michael Schwarz
asked 4 months ago
Mutual TLS with Commercial Client Certificates
TAW
asked 2 years ago
Client certificate authentication with API Gateway and Cognito
rePost-User-3576347
asked 2 years ago
How do I create and connect to a Client VPN endpoint using private certificates for mutual authentication with AWS Certificate Manager?
AWS OFFICIALUpdated 2 years ago
How can I troubleshoot certificate chain and self-signed certificate issues for Amazon API Gateway with custom domains and mutual TLS enabled?
AWS OFFICIALUpdated a year ago
How can I use a client certificate issued by a third party when configuring mutual TLS authentication for API Gateway APIs?
AWS OFFICIALUpdated a year ago
How do I resolve certificate subject conflicts with mutual TLS in API Gateway?
AWS OFFICIALUpdated 6 months ago
Announcement: RDS/Aurora SSL/TLS Certificates are expiring between May and October 2024
EXPERT
randyyoung
published a month ago
How to maintain/upgrade your device authentication/authorization scheme when migrating to AWS IoT Core
EXPERT
Charlyscott237
published 7 months ago