aws-iot-device-sdk-embedded-C fleet_provisioning_with_csr demo how to save private key and certificate


I successfully ran the demo fleet_provisioning_with_csr_demo, but I don't understand how to save device.pem.crt and private.pem.key. Maybe someone can help?

(I also raised the ticket)

g@cinnamon:~/git/aws-iot-device-sdk-embedded-c/build$ ./bin/fleet_provisioning_with_csr_demo 
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:1460] PKCS #11 successfully initialized.
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:2918] Creating a 0x3 type object.
[INFO] [FLEET_PROVISIONING_DEMO] [pkcs11_operations.c:770] Writing certificate into label "Claim Cert".
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:2918] Creating a 0x1 type object.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:532] Establishing MQTT session with claim certificate...
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:544] Established connection with claim credentials.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:252] Received accepted response from Fleet Provisioning CreateCertificateFromCsr API.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:621] Received certificate with Id: XXXX
[INFO] [FLEET_PROVISIONING_DEMO] [pkcs11_operations.c:770] Writing certificate into label "Device Cert".
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:2918] Creating a 0x1 type object.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:279] Received accepted response from Fleet Provisioning RegisterThing API.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:696] Received AWS IoT Thing name: mythingprefix_S1234
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:722] Establishing MQTT session with provisioned certificate...
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:737] Sucessfully established connection with provisioned credentials.
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:2002] Successfully closed PKCS #11 session.
[INFO] [PKCS11] [core_pkcs11_mbedtls.c:1505] PKCS #11 was successfully uninitialized.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:765] Demo iteration 1 is successful.
[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:784] Demo completed successfully.
asked a year ago, 296 views
2 Answers
Accepted Answer

I added a new demo based on the CreateKeysAndCertificate API, where it is possible to save the new private key and certificate by defining DOWNLOADED_CERT_WRITE_PATH and DOWNLOADED_PRIVATE_KEY_WRITE_PATH.

answered a year ago
reviewed 20 days ago

Hi Giuseppe. Since that demo uses a CSR for fleet provisioning, only a certificate will be generated. No new private key is created.

More information here:

The demo uses the corePKCS11 library. This is a mock implementation: a soft hardware security module. The certificate created by fleet provisioning is saved as an object within this. That is what this message refers to:

[INFO] [PKCS11] [core_pkcs11_mbedtls.c:2918] Creating a 0x1 type object.

This comes from here:

Which I believe works its way down to here:

And if so, the file created by the mock PKCS11 is named as shown here:

However, this is not a PEM file because PKCS11 is being simulated. It's a DER file. So you may be best advised to use the ID returned here:

[INFO] [FLEET_PROVISIONING_DEMO] [fleet_provisioning_with_csr_demo.c:621] Received certificate with Id: XXXX

And get the certificate using the CLI or console.

AWS
answered a year ago
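
The answer above points out that the object written by the mock PKCS #11 module is DER, not PEM. As an added example (not code from the SDK or from either answer), this C function wraps DER certificate bytes in PEM armor; the function name and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: wrap a DER-encoded certificate in PEM armor (base64, 64
 * characters per line, BEGIN/END CERTIFICATE markers). Returns the number of
 * characters written, excluding the NUL, or 0 on bad input or a short buffer. */
size_t der_cert_to_pem(const uint8_t *der, size_t der_len, char *out, size_t out_cap)
{
    static const char b64[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    static const char head[] = "-----BEGIN CERTIFICATE-----\n";
    static const char foot[] = "-----END CERTIFICATE-----\n";
    size_t b64_len, lines, i, col = 0, n = 0;

    if (der == NULL || out == NULL || der_len == 0) return 0;
    b64_len = 4 * ((der_len + 2) / 3);
    lines = (b64_len + 63) / 64;              /* one '\n' per base64 line */
    if (out_cap < strlen(head) + b64_len + lines + strlen(foot) + 1) return 0;

    memcpy(out, head, strlen(head));
    n = strlen(head);
    for (i = 0; i < der_len; i += 3) {
        size_t rem = der_len - i;             /* bytes left, including this group */
        uint32_t v = (uint32_t)der[i] << 16;
        if (rem > 1) v |= (uint32_t)der[i + 1] << 8;
        if (rem > 2) v |= der[i + 2];
        out[n++] = b64[(v >> 18) & 63];
        out[n++] = b64[(v >> 12) & 63];
        out[n++] = (rem > 1) ? b64[(v >> 6) & 63] : '=';
        out[n++] = (rem > 2) ? b64[v & 63] : '=';
        col += 4;
        if (col == 64) { out[n++] = '\n'; col = 0; }
    }
    if (col != 0) out[n++] = '\n';            /* terminate a partial last line */
    memcpy(out + n, foot, strlen(foot));
    n += strlen(foot);
    out[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample bytes (a tiny DER SEQUENCE), not a real certificate. */
    const uint8_t sample[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    char pem[128];
    if (der_cert_to_pem(sample, sizeof sample, pem, sizeof pem)) fputs(pem, stdout);
    return 0;
}
```

In a build that already links mbedTLS, `mbedtls_pem_write_buffer` performs the same conversion.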