Gist ejdoh1/86a8d21b3ba1e530d64314d0413da3c9, created May 2, 2019 01:17
Using your own CA with AWS IoT (web console method)
# From https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html
## Create a CA
openssl genrsa -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem
## Register your CA with AWS IoT
### Get your registration code from: AWS Web Console > AWS IoT Core > Secure > CAs > Register > Register CA
openssl genrsa -out verificationCert.key 2048
### For Common Name, enter your registration code (AWS IoT checks the CN of this cert against the code)
openssl req -new -key verificationCert.key -out verificationCert.csr
openssl x509 -req -in verificationCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out verificationCert.pem -days 500 -sha256
### On the 'Register CA' page, click 'Select CA certificate' and upload your rootCA.pem file
### On the 'Register CA' page, click 'Select verification certificate' and upload your verificationCert.pem file
### Check the 'Activate CA certificate' box and select 'Register CA certificate'
## Create a device cert
openssl genrsa -out deviceCert.key 2048
openssl req -new -key deviceCert.key -out deviceCert.csr
openssl x509 -req -in deviceCert.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out deviceCert.pem -days 500 -sha256
## Upload your device cert to AWS IoT
### Browse to AWS Web Console > AWS IoT Core > Secure > Certificates
### Select Create > Use my certificate > select your CA > Register certificates > select certificates and upload deviceCert.pem
## Attach your cert to a Thing and Policy
### Create a Thing without a cert & create a policy
### Browse to AWS Web Console > AWS IoT Core > Secure > Certificates
### Select the cert you just created (refresh and it should be the first one)
### Attach the cert to your Thing and policy
# Testing
## Download https://mqttfx.jensd.de/
## In MQTT.fx, select settings > + (lower left) to create a new profile
## Enter the details for broker address, port (8883) and select SSL/TLS
## Select enable SSL/TLS
## Select the 'Self signed certificates' option
## For CA File, use AmazonRootCA1.pem from https://www.amazontrust.com/repository/AmazonRootCA1.pem
## For Client cert, use deviceCert.pem
## For Client key, use deviceCert.key
## Select 'PEM Formatted' and select Apply > OK
## Hit Connect
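The certificate steps above, as an added example that is not part of the gist: the same OpenSSL commands made non-interactive, with two checks worth running before uploading anything (that the verification cert's CN really is the registration code, and that each cert chains to rootCA.pem). REGISTRATION_CODE, the CA subject and the device CN are placeholders; the rogue cert is a constructed negative case.

```shell
#!/bin/sh
# Added example, not part of the gist: the gist's OpenSSL steps made
# non-interactive, plus two checks worth running before uploading anything.
# Assumptions: openssl in PATH; REGISTRATION_CODE is a placeholder for the
# code shown on the AWS IoT 'Register CA' page; files go to a temp directory.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
REG_CODE="${REGISTRATION_CODE:-PLACEHOLDER_REGISTRATION_CODE}"

# "Create a CA": same commands as the gist, with -subj replacing the prompts.
make_ca() {
  openssl genrsa -out "$WORKDIR/rootCA.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$WORKDIR/rootCA.key" -sha256 -days 1024 \
    -subj "/CN=Example Private IoT CA" -out "$WORKDIR/rootCA.pem"
}

# Issue a leaf cert signed by rootCA. $1 = file base name, $2 = subject CN.
# Used for both the verification cert (CN = registration code) and device certs.
issue_cert() {
  openssl genrsa -out "$WORKDIR/$1.key" 2048 2>/dev/null
  openssl req -new -key "$WORKDIR/$1.key" -subj "/CN=$2" -out "$WORKDIR/$1.csr"
  openssl x509 -req -in "$WORKDIR/$1.csr" -CA "$WORKDIR/rootCA.pem" \
    -CAkey "$WORKDIR/rootCA.key" -CAcreateserial -days 500 -sha256 \
    -out "$WORKDIR/$1.pem" 2>/dev/null
}

# Constructed negative case: a self-signed cert with a device CN, not from our CA.
make_rogue() {
  openssl req -x509 -new -nodes -newkey rsa:2048 -keyout "$WORKDIR/rogue.key" \
    -subj "/CN=device-0001" -days 1 -out "$WORKDIR/rogue.pem" 2>/dev/null
}

# Print a cert's CN. AWS IoT compares the verification cert's CN with the
# registration code, so confirm it here rather than after a failed upload.
cert_cn() {
  openssl x509 -in "$WORKDIR/$1.pem" -noout -subject | sed -n 's/.*CN *= *//p'
}

# Exit 0 only if the cert chains to rootCA.pem, i.e. what AWS IoT will accept
# under this CA; anything else (like rogue.pem) must be rejected.
chains_to_ca() {
  openssl verify -CAfile "$WORKDIR/rootCA.pem" "$WORKDIR/$1.pem" >/dev/null 2>&1
}

make_ca
issue_cert verificationCert "$REG_CODE"
issue_cert deviceCert "device-0001"
make_rogue
```

Run it with REGISTRATION_CODE set to the code from the 'Register CA' page; the files it leaves in WORKDIR are the ones the gist uploads (rootCA.pem, verificationCert.pem, deviceCert.pem) plus the keys for MQTT.fx.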