Use our own CA cert with Greengrass aws.greengrass.FleetProvisioningByClaim.jar

UPDATE - Looked into this a bit more, seems like you're trying to use your own CA because you'd register your own client certificates signed by that CA to use for your devices, in which case, the Greengrass aws.greengrass.FleetProvisioningPlugin will not help, you can use this plugin if you're okay using the Amazon Root CA and let IoT Core generate client certificates for you from the claim certificate and provisioning template. If that doesn't work for you, you may be looking for JITP/JITR options IoT Core provides https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html and https://docs.aws.amazon.com/iot/latest/developerguide/auto-register-device-cert.html

Hi @ncarn,

Thanks for using Greengrass. It's hard to tell just by the error message why it failed, but common reasons for this issue are using the incorrect IoT data endpoint or the root CA certificate, could you tell us what configuration options you provided while installing Greengrass using the aws.greengrass.FleetProvisioningByClaim plugin? https://docs.aws.amazon.com/greengrass/v2/developerguide/fleet-provisioning.html As described here, please ensure that you're using the ATS IoT data endpoint and placing the Amazon Root CA certificate on the device you're trying to provision. Did you see the private key and certificate files downloaded on the device, if not, were there any other failure logs in greengrass.log file? It will be helpful if you can share the logs too.

You could also try enabling monitoring for connection failures in CloudWatch to get logs in your AWS account https://docs.aws.amazon.com/iot/latest/developerguide/cloud-watch-logs.html It might not provide information for client side issues but will make troubleshooting easier overall.