root-CA.crt #26
Comments
Hi Andreas, Connections between devices and the AWS IoT platform are authenticated using mutual authentication. In this process, each side presents the other with its certificate, and each side verifies the authenticity of the certificate it has received. Your device only needs the Symantec root CA certificate because that certificate can be used to authenticate the identity of the AWS IoT platform. The certificates you generate with the AWS IoT console or CLI are authenticated by the AWS IoT platform using its certificate chain. Let us know if this answers your question, and thanks for trying out the AWS IoT platform.
Hi Gary, thanks for the pointer, I was misinterpreting the issued certificate in that case. Coming from a failed ssl connection, I was looking for hints in that area. Apparently I am running into the same issue as #18, but cannot solve this on my own yet. The call to the example looks like the following:
With
and produces this:
Any pointer is appreciated. Node.js is v5.3.0 Andreas
Hi Andreas, When running the example programs in any region other than the default (us-east-1), you need to specify your region on the command line, e.g.:
When using a configuration file as you are here, it might be nice if the code picked up your region from the 'host' property, but it doesn't do that yet. We'll look into that for a future release, but in the meantime just specify your region with the '-g' flag and everything should work. Let us know if that fixes the problem.
Hi Gary, thanks for the pointer. That helped. Regards, Andreas
@gkwicker been schwacking my head on this one for some time now thanks.
Hi, I am trying to run one AWS IoT example (device-example.js) which seems to fail as it tries to find the root-ca in the folder. Please suggest h node device-example.js -f ~/.aws
@RAdil in the IoT console go to Security -> Certificates there click create -> one click certificate and on the next screen you can download the certificate and also the root CA
Thanks for the prompt response, I was trying to find the option in the CLI but the web console seems more straightforward.
Seems certificates are working but MQTT connectivity is not establishing. Please suggest if I need to configure/set up anything on the AWS side.
can you show your policy?
Oh .. seems the policy is not linked to the device/thing. Perhaps I also need to configure some AWS end-point .. not sure though {
Perhaps I need to create two resources ( Topics also)? Topic 1 and Topic 2?
Thanks a lot for your help. I have now linked the certificate with the "thing" and the "policy" but I am not sure if the policy makes sense and perhaps the resource url in the policy needs to be changed.
I think I got the example to work now by changing resource URL to * and reassigning the policy to certificate
ok cool :) * is fine for now, you can restrict it later
Thanks !
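The exchange above leaves the policy at `*` to be restricted later. As an added example that is not part of the original thread or of the SDK, the sketch below shows a wildcard-resource policy beside a scoped one and a small check that flags the wildcard. `REGION`, `ACCOUNT_ID`, the client id `my-device` and the topic names are placeholders, and both policies are constructed for illustration.

```javascript
// Constructed sample policies. REGION, ACCOUNT_ID, my-device and the topic
// names are placeholders, not values taken from the thread.
const ARN = 'arn:aws:iot:REGION:ACCOUNT_ID';

// What "changing resource URL to *" amounts to: every action on every resource.
const wildcardPolicy = {
  Version: '2012-10-17',
  Statement: [{
    Effect: 'Allow',
    Action: ['iot:Connect', 'iot:Publish', 'iot:Subscribe', 'iot:Receive'],
    Resource: '*',
  }],
};

// Scoped version: one client id, two topics. Publish/Receive take topic ARNs,
// Subscribe takes topicfilter ARNs.
const topics = ['topic_1', 'topic_2'];
const scopedPolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: 'iot:Connect', Resource: `${ARN}:client/my-device` },
    { Effect: 'Allow', Action: ['iot:Publish', 'iot:Receive'],
      Resource: topics.map((t) => `${ARN}:topic/${t}`) },
    { Effect: 'Allow', Action: 'iot:Subscribe',
      Resource: topics.map((t) => `${ARN}:topicfilter/${t}`) },
  ],
};

const asList = (v) => (Array.isArray(v) ? v : [v]);

// Return one finding per wildcard action or resource in an Allow statement.
function findWildcards(policy) {
  const findings = [];
  asList(policy.Statement).forEach((stmt, i) => {
    if (stmt.Effect !== 'Allow') return;
    for (const action of asList(stmt.Action)) {
      if (action === '*' || action === 'iot:*') {
        findings.push(`Statement[${i}]: wildcard action "${action}"`);
      }
    }
    for (const res of asList(stmt.Resource)) {
      // "*" alone, or a whole resource type such as ...:topic/*
      if (res === '*' || /:(client|topic|topicfilter)\/\*$/.test(res)) {
        findings.push(`Statement[${i}]: wildcard resource "${res}"`);
      }
    }
  });
  return findings;
}
```

Running `findWildcards` over a policy document before attaching it to a certificate gives a quick signal that a development-time `*` is still in place.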
@gkwicker wrote:
Is it possible for AWS to publish this certificate chain? Or at least the certificate used to immediately sign the device certificate? We have use cases where we would like to leverage the AWS IoT CA as a trust anchor for peer-to-peer authentication of devices. (Sorry to hijack this thread, but I have a question on the above and not sure what other forum to use.)
README mentions to use the Symantec's
as the root-CA.crt for all the examples.
However, the certificates issued from the IoT Console are issued by an apparently intermediate CA:
The documentation doesn't mention where to get this intermediary CA.