Share a Gateway cert between gateways?

0

Is it possible to have a single, pre-defined gateway certificate to share between gateways? I understand this is not ideal from a security setup, but it would make provisioning new gateways onto IoT Wireless much easier. When creating a gateway in the web console the only option provided is to create a new gateway certificate, but I was hoping it would be possible to define using the CLI or API and pre-load it onto a gateway.

Also, a second question - are the server trust certs the same for all gateways? While also in the web console provisioning a gateway, the CUPS & LNS cert download appears to not actually create new certs, which I assume means they are common across all gateways for my CUPS & LNS endpoints?

2 Answers
1
Accepted Answer

Hi,

Q1) You can use the API https://docs.aws.amazon.com/iot-wireless/2020-11-22/apireference/API_AssociateWirelessGatewayWithCertificate.html or the CLI https://docs.aws.amazon.com/cli/latest/reference/iotwireless/associate-wireless-gateway-with-certificate.html for that purpose. As you mentioned, it's not optimal from a security standpoint.

See this example for automation: https://github.com/aws-samples/aws-iot-core-lorawan/tree/main/automation

Q2) Server trust certs are for authenticating the cloud endpoints for LNS and CUPS. As long as gateways connect to the same endpoint, the server trust certs are the same. Practically, that means that you can use the same one for the same account and region combination.

answered 2 years ago
1

As of now, https://docs.aws.amazon.com/iot-wireless/2020-11-22/apireference/API_AssociateWirelessGatewayWithCertificate.html will not allow a cert to be shared. This rule is there because we consider each Gateway as an individual client to the IoTWireless service.

AWS
answered a year ago
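
Added example, not from either answer, from AWS or from the linked sample repository: a sketch of scripting one certificate per gateway so that provisioning stays simple without sharing a key, while the CUPS and LNS trust certs are fetched once and reused as the accepted answer describes. The function names, gateway names and EUIs are hypothetical; the boto3 operations used are `create_wireless_gateway`, `create_keys_and_certificate`, `associate_wireless_gateway_with_certificate` and `get_service_endpoint`.

```python
# Added example: per-gateway certificates with boto3 clients passed in.
# Function names, gateway names and EUIs below are hypothetical/constructed.


def server_trust(wireless):
    """Fetch CUPS and LNS endpoints and trust certs (same per account/region)."""
    trust = {}
    for service in ("CUPS", "LNS"):
        ep = wireless.get_service_endpoint(ServiceType=service)
        trust[service] = {"endpoint": ep["ServiceEndpoint"],
                          "trust_pem": ep["ServerTrust"]}
    return trust


def provision_gateway(iot, wireless, name, gateway_eui, rf_region):
    """Register one gateway and bind a freshly issued certificate to it."""
    gw = wireless.create_wireless_gateway(
        Name=name, LoRaWAN={"GatewayEui": gateway_eui, "RfRegion": rf_region})
    cert = iot.create_keys_and_certificate(setAsActive=True)
    wireless.associate_wireless_gateway_with_certificate(
        Id=gw["Id"], IotCertificateId=cert["certificateId"])
    return {"gateway_id": gw["Id"],
            "certificate_id": cert["certificateId"],
            "cert_pem": cert["certificatePem"],
            "key_pem": cert["keyPair"]["PrivateKey"]}


def provision_fleet(iot, wireless, gateways, rf_region):
    """Provision (name, eui) pairs; trust is fetched once, certs never reused."""
    trust = server_trust(wireless)
    bundles = [provision_gateway(iot, wireless, name, eui, rf_region)
               for name, eui in gateways]
    cert_ids = [b["certificate_id"] for b in bundles]
    if len(set(cert_ids)) != len(cert_ids):
        raise RuntimeError("a certificate was issued to more than one gateway")
    return trust, bundles


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a region configured
    fleet = [("gw-lab-01", "a1b2c3d4e5f60001"),   # constructed EUIs
             ("gw-lab-02", "a1b2c3d4e5f60002")]
    trust, bundles = provision_fleet(
        boto3.client("iot"), boto3.client("iotwireless"), fleet, "US915")
    for b in bundles:
        print(b["gateway_id"], b["certificate_id"])
```

Each returned bundle holds that gateway's own certificate and private key, so revoking one gateway's certificate does not affect the rest of the fleet.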
