On AWS devices, you can connect to IoT core using TLS version 1.2 and Elliptic Curve Cryptography (ECC) based certificates.
For creating device credentials, you must generate the following certificates:
- CA certificate
- Device certificate
Creating the CA certificate is a one-time operation. If you have a directory called certificates
with a rootCA.pem
file in it, you have already completed this step.
It is recommended to use your own Certificate Authority (CA) to create certificates for your devices since it allows generating device certificates offline.
Run the following script to generate and register a CA certificate in your AWS account:
cd ~/nrf-asset-tracker/aws
./cli.sh create-ca
Note
The default lifetime for CA certificates is 1 year. Run ./cli.sh create-ca --help
to learn how to customize the lifetime.