1 Answer
- Newest
- Most votes
- Most comments
0
Hi.
- For a different expiry, you can't use AWS IoT to generate your certificates. You'll need your own CA. You can use ACM Private CA or your own PKI.
- One way to automate expiry check is with AWS IoT Device Defender: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-device-cert-approaching-expiration.html
- Certificate rotation using AWS IoT Device Defender and AWS IoT Jobs: https://aws.amazon.com/blogs/iot/how-to-manage-iot-device-certificate-rotation-using-aws-iot/
Relevant content
- Accepted Answerasked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 10 months ago
- Can I use ACM to issue private certificates when the AWS Private CA validity is less than 13 months?AWS OFFICIALUpdated 5 months ago
Hi Greg, Thanks for info. This is helpful in clearing doubts. The currently used AWS certificate created in 2022 (this year) is showing expiry of 2050. Is default expiry year: 28 years + created year? Please guide.
No. Expiry is always Dec 31 2049. It doesn't matter when the certificate is created: https://docs.aws.amazon.com/iot/latest/developerguide/x509-client-certs.html