At AWS, security is always job zero. Please also take a look at Security best practices in AWS IoT Core, which also explains why security is important.
Imagine you allowed your devices to connect without authentication/authorization; then everyone could use your IoT endpoint.
You can use custom authentication in AWS IoT Core to build your own authentication logic.
You can also set up your own MQTT broker, for example on EC2, which meets your security requirements.
Yeah, that's a problem. I don't know of a way to let it connect using an expired certificate.
What you have to do is generate the certificate with a very, very long expiration. I generally have IoT Core generate my device certificates, so I looked to see what it made:
Validity
    Not Before: Mar  2 21:24:37 2022 GMT
    Not After : Dec 31 23:59:59 2049 GMT
so it generated a cert good for 27 years; not quite sure why that number, but ok. This Dec 2049 date was confirmed by someone on Stack Overflow as well.
If your device can't generate a new certificate before it expires, then I think your only choice is to install certs with a very long expiration, whether you generate them with openssl or not.
From a security perspective, you should never use long-lived certificates. A certificate lifetime should not go beyond 2 or 3 years. When you rotate your certificates/keys regularly, you can make sure that you are always using the latest and most secure algorithms.
You can use AWS IoT Device Defender's device certificate expiring audit to get a notification about certificates that will expire soon. You can then take automated actions to rotate your certificate.
You can find an example architecture in the AWS IoT Jumpstart.
You can also try to open a support ticket with AWS IoT.
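The two answers above turn on the same two checks: how long a device certificate is valid for (the 27-year certificate shown in the `openssl` output versus the suggested 2-3 year ceiling) and how soon it expires (what the Device Defender expiring-certificate audit reports). The following script is an added example, not code from the thread or from AWS; it parses the validity period out of `openssl x509 -noout -text` or `openssl x509 -noout -dates` output and flags certificates that are expired, expiring within a warning window, or issued with a lifetime longer than policy allows. The policy thresholds (3 years, 30-day warning) and the two short-lived sample certificates are assumptions constructed for the example; the first sample reproduces the validity block quoted in the thread.

```python
"""Audit device certificate validity periods from openssl output (added example)."""
import re
from datetime import datetime, timezone

# Accepts both `openssl x509 -noout -text` ("Not After : ...") and
# `openssl x509 -noout -dates` ("notAfter=...") spellings of the validity fields.
_VALIDITY_RE = re.compile(
    r"(?P<field>Not\s*Before\s*:|Not\s*After\s*:|notBefore=|notAfter=)\s*"
    r"(?P<stamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\s+\d{4})\s+GMT"
)

# Assumed policy thresholds for this example: the answer above suggests a
# lifetime of at most 2-3 years; the 30-day warning window is a placeholder.
MAX_LIFETIME_DAYS = 3 * 365
WARN_WITHIN_DAYS = 30


def parse_validity(openssl_output):
    """Return (not_before, not_after) as UTC datetimes parsed from openssl output."""
    found = {}
    for m in _VALIDITY_RE.finditer(openssl_output):
        key = "not_before" if "efore" in m.group("field") else "not_after"
        stamp = " ".join(m.group("stamp").split())  # collapse openssl's padded day number
        found[key] = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    if set(found) != {"not_before", "not_after"}:
        raise ValueError("validity period not found in openssl output")
    return found["not_before"], found["not_after"]


def audit_certificate(openssl_output, now=None,
                      max_lifetime_days=MAX_LIFETIME_DAYS,
                      warn_within_days=WARN_WITHIN_DAYS):
    """Classify a certificate's validity period against the policy thresholds."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = parse_validity(openssl_output)
    lifetime_days = (not_after - not_before).days
    remaining_days = (not_after - now).days  # negative once the cert has lapsed
    findings = []
    if now < not_before:
        findings.append("NOT_YET_VALID")
    if remaining_days < 0:
        findings.append("EXPIRED")
    elif remaining_days <= warn_within_days:
        findings.append("EXPIRING_SOON")
    if lifetime_days > max_lifetime_days:
        findings.append("LIFETIME_EXCEEDS_POLICY")
    return {
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "lifetime_days": lifetime_days,
        "remaining_days": remaining_days,
        "findings": findings,
    }


# Validity block quoted in the thread above, reproduced as `openssl -text` style input.
THREAD_CERT = """
        Validity
            Not Before: Mar  2 21:24:37 2022 GMT
            Not After : Dec 31 23:59:59 2049 GMT
"""

# Constructed sample in `openssl -dates` style: a one-year cert that has already lapsed.
LAPSED_CERT = "notBefore=Jan  1 00:00:00 2021 GMT\nnotAfter=Jan  1 00:00:00 2022 GMT\n"

# Constructed sample: a one-year cert two weeks from expiry on the reference date.
EXPIRING_CERT = "notBefore=Jun 15 00:00:00 2021 GMT\nnotAfter=Jun 15 00:00:00 2022 GMT\n"

# Fixed reference time so the results are reproducible (constructed, not the real clock).
REFERENCE_NOW = datetime(2022, 6, 1, tzinfo=timezone.utc)


if __name__ == "__main__":
    for name, text in [("thread", THREAD_CERT), ("lapsed", LAPSED_CERT), ("expiring", EXPIRING_CERT)]:
        report = audit_certificate(text, now=REFERENCE_NOW)
        print(f"{name:9} lifetime={report['lifetime_days']:5d}d "
              f"remaining={report['remaining_days']:6d}d findings={report['findings']}")
```

Run it against real devices with `openssl x509 -in device.pem.crt -noout -dates | python audit.py`-style plumbing, or feed it the `-text` dump; the `now` parameter exists only so that results are deterministic in tests and defaults to the current UTC time. Note that the thread's certificate is not expiring, so a pure expiry audit would stay silent about it; the lifetime check is what surfaces the 27-year validity that the answer above warns against.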
Yes, thanks for all the answers.
I realize my situation now. But I think the design of AWS IoT should consider both security and simplicity.
Now, the design only considers security. The implementation is so complex. I need lots of code for it, and I need to change a lot of code in order to comply with these security rules.
But my device is cheap and it makes no sense to implement such complicated code.
I really don't care if the device is secure or not.
Why can't I use AWS IoT in a simple way? Why can't I configure it without security?