On AWS devices, you can connect to IoT core using TLS version 1.2 and Elliptic Curve Cryptography (ECC) based certificates.
For creating device credentials, you must generate the following certificates:
- CA certificate
- Device certificate
Creating the CA certificate is a one-time operation. If you have a directory called certificates with a rootCA.pem file in it, you have already completed this step.
It is recommended to use your own Certificate Authority (CA) to create certificates for your devices since it allows generating device certificates offline.
Run the following script to generate and register a CA certificate in your AWS account:
cd ~/nrf-asset-tracker/aws
./cli.sh create-caNote
The default lifetime for CA certificates is 1 year. Run ./cli.sh create-ca --help to learn how to customize the lifetime.