At AWS, security is always job zero. Please also take a look at Security best practices in AWS IoT Core, which also explains why security is important.
Imagine you would allow your devices to connect without authentication/authorization; then everyone could use your IoT endpoint.
You can use custom authentication in AWS IoT Core to build your own authentication logic.
You can also set up your own MQTT broker, for example on EC2, which meets your security requirements.
Cheers,
Philipp
Yeah, that's a problem. I don't know of a way to let it connect using an expired certificate.
What you have to do is generate the certificate with a very, very long expiration. I generally have IoT Core generate my device certificates, so I looked to see what it made:
Validity
Not Before: Mar 2 21:24:37 2022 GMT
Not After : Dec 31 23:59:59 2049 GMT
So it generated a cert good for 27 years; not quite sure why that number, but OK. This Dec 2049 date was confirmed by someone on Stack Overflow as well.
If your device can't generate a new certificate before it expires, then I think your only choice is to install certs with a very long expiration, whether you generate them with openssl or not.
From a security perspective you should never use long-lived certificates. A certificate lifetime should not go beyond 2 or 3 years. When you rotate your certificates/keys regularly, you can make sure that you always use the latest and most secure algorithms.
You can use AWS IoT Device Defender's device certificate expiring audit to get a notification about certificates that will expire soon. You can then take automated actions to rotate your certificate.
You can find an example architecture in the AWS IoT Jumpstart.
You can also try to open a support ticket with AWS IoT.
Cheers,
Philipp
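The two answers above quote the `Validity` block that `openssl x509 -text` prints for an IoT Core-issued certificate (good until Dec 31 2049) and recommend flagging certificates that are about to expire or that outlive a 2-3 year policy. The following is an added example, not code from either answer or from AWS: it parses that `Validity` block with the Python standard library only, measures the certificate lifetime, and decides whether rotation is due. The 30-day rotation window, the 3-year maximum lifetime and the function names are assumptions made here; Device Defender's own audit uses its own configurable threshold.

```python
"""Parse an openssl 'Validity' block and decide whether an AWS IoT device
certificate needs rotation.  Added example; not from the thread or from AWS.
"""
import re
from datetime import datetime, timezone
from typing import Tuple

# Constructed sample: the Validity block quoted in the answer above
# (an IoT Core-generated certificate).
IOT_CORE_SAMPLE = """\
        Validity
            Not Before: Mar  2 21:24:37 2022 GMT
            Not After : Dec 31 23:59:59 2049 GMT
"""

# Assumed policy values (not taken from any AWS setting).
ROTATE_WITHIN_DAYS = 30   # rotate once fewer than this many days remain
MAX_LIFETIME_YEARS = 3    # answer recommends 2-3 years at most

_VALIDITY_LINE = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s*$")


def _parse_openssl_date(text: str) -> datetime:
    """openssl prints e.g. 'Mar  2 21:24:37 2022 GMT' (note the double space
    before single-digit days); normalise whitespace and treat GMT as UTC."""
    parts = text.split()
    if parts[-1] != "GMT":
        raise ValueError(f"unexpected timezone in {text!r}")
    naive = datetime.strptime(" ".join(parts[:-1]), "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone.utc)


def parse_validity(text: str) -> Tuple[datetime, datetime]:
    """Return (not_before, not_after) from an openssl -text Validity block."""
    found = {}
    for line in text.splitlines():
        m = _VALIDITY_LINE.search(line)
        if m:
            found[m.group(1)] = _parse_openssl_date(m.group(2))
    if set(found) != {"Before", "After"}:
        raise ValueError("Validity block must contain Not Before and Not After")
    return found["Before"], found["After"]


def lifetime_years(not_before: datetime, not_after: datetime) -> int:
    """Whole years the certificate is valid for (day count // 365)."""
    return (not_after - not_before).days // 365


def days_until_expiry(not_after: datetime, now: datetime) -> int:
    """Days left; negative once the certificate has expired."""
    return (not_after - now).days


def rotation_needed(not_after: datetime, now: datetime,
                    within_days: int = ROTATE_WITHIN_DAYS) -> bool:
    """True when the certificate expires within the rotation window
    (or has already expired), mirroring an expiring-certificate audit."""
    return days_until_expiry(not_after, now) <= within_days


def exceeds_lifetime_policy(not_before: datetime, not_after: datetime,
                            max_years: int = MAX_LIFETIME_YEARS) -> bool:
    """True when the certificate was issued for longer than policy allows."""
    return lifetime_years(not_before, not_after) > max_years


if __name__ == "__main__":
    nb, na = parse_validity(IOT_CORE_SAMPLE)
    now = datetime.now(timezone.utc)
    print(f"valid {nb:%Y-%m-%d} .. {na:%Y-%m-%d}: {lifetime_years(nb, na)} years")
    print(f"exceeds {MAX_LIFETIME_YEARS}-year policy: {exceeds_lifetime_policy(nb, na)}")
    print(f"rotation needed now: {rotation_needed(na, now)}")
```

Run the check against `openssl x509 -in device.pem.crt -noout -text` output to get both signals the answers care about: a 27-year certificate trips the lifetime policy immediately even though `rotation_needed` stays false for decades, which is the case for scheduling a re-issue rather than waiting for the expiry audit.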
Yes, thanks for all the answers.
I realize my situation now. But I think the design of AWS IoT should consider both security and simplicity.
Now, the design only considers security. The implementation is so complex. I need lots of code for it, and I need to change a lot of code in order to comply with these security rules.
But my device is cheap and it makes no sense to implement such complicated code.
I really don't care if the device is secure or not.
Why can't I use AWS IoT in a simple way? Why can't I configure it without security?