Code Signing for AWS IoT

0

I'm trying to learn how to issue an OTA firmware update for my AWS IoT devices that are running firmware based on the AmazonFreeRTOS.

I keep getting stuck at a step that tells me to sign the firmware file with the Code Signer service. The instructions are clear with the exception that they do not explain what this certificate is or how I make one. I know how to make an SSL certificate, and I tried that, but it didn't work.

After trying a bunch of stuff and reading a bunch of stuff, I'm getting the impression that I need a code signing certificate which I cannot make via any AWS service. I don't know where else to get one. I contacted my domain registrar, but they do not provide code signing certificates.

I need some help figuring out what to do here. I am able to pay for a certificate if I need to but I want to make sure I'm paying for the right thing.

Thanks, Frank

1 Answer
2

Hello Frank,

You are right, you cannot get a code signing certificate from AWS, but you can purchase one from several sites. DigiCert is one and so is Certum. There are several others available that you can search for. This site provides some guidance on how to obtain and install it and this site provides a price comparison.

I suggest you do your due diligence before spending money and hope this helps.

Sincerely, Mukul Dharwadkar

answered a month ago
  • Thanks. I think my main concern is to make sure that what I need here is a new signing certificate and not one that is somehow related to something already in the firmware I'm trying to update. I did not develop the firmware. I know that there is a private key file associated with the source code, but I don't know how it is used. I'd hate to go through all the trouble of getting my own signing certificate only to discover that what I need is a certificate that someone else used to sign the original firmware. I've been trying to get a hold of the people who made the firmware but they may not be available.

  • I understand. What is the firmware you are using and where are you seeing the requirement to have the firmware signed? I think that if it is a third-party firmware, they should have signed it already. If not, then you should do it if you have access to the source code.
