By using AWS re:Post, you agree to the Terms of Use
/Problem in installing GreenGrass V2 with HSM/

Problem in installing GreenGrass V2 with HSM


As HSM we are using the microchip tech ATECC608A.

We are using that in Greengrass v1 and it is properly working. Here is the configuration example:

"IoTCertificate": {
    "privateKeyPath": "pkcs11:object=device;type=private",
    "certificatePath": "file:///path-to-core-device-certificate/xxx.pem.crt"

In this, we are giving certificatePath that is available on the device. but in Greengrass v2 we have to specify the certificateFilePath as "pkcs11:object=device;type=cert". Example config.yaml

	certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
	privateKeyPath: "pkcs11:object=iotdevicekey;type=private"

So is there any way to use the on-device connection certificate path in "certificateFilePath" attribute or do I have to write connection certificate in chip?

1 Answers

Hello, Greengrass v2 does not support on-disk certificate for HSM integration. You must store the private key and certificate in the HSM. Here is the guideline: Greengrass-v2- hardware-security-requirements. I Hope it helps.

answered 22 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions