Create device credentials
Devices can connect to AWS IoT Core using TLS version 1.2 and Elliptic Curve Cryptography (ECC) based certificates.
To create device credentials, you must generate the following certificates:
CA certificate
Device certificate
Generate a CA certificate
Creating the CA certificate is a one-time operation.
If you have a directory called certificates with a rootCA.pem file in it, you have already completed this step.
It is recommended to use your own Certificate Authority (CA) to create certificates for your devices since it allows generating device certificates offline.
Run the following script to generate and register a CA certificate in your AWS account:
cd ~/nrf-asset-tracker/aws
node cli create-ca
Note
The default lifetime for CA certificates is 1 year.
Run node cli create-ca --help to learn how to customize the lifetime.
Generate a device certificate
You can use the CLI to generate a certificate for your device.
The firmware will use the IMEI of the device as the MQTT client ID.
You can get the IMEI of your device using the AT command AT+CGSN.
The IMEI is also typically printed on a sticker on the device.
The following is the output of the command:
# AT+CGSN
352656100248049 OK
Use the IMEI when generating the certificate:
node cli create-device-cert -d "imei"
Note
The default lifetime for device certificates is 30 years.
Run node cli create-device-cert --help to learn how to customize the lifetime.
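Because the firmware uses the IMEI as the MQTT client ID, a mistyped IMEI means the certificate is generated for a value the device will not use. The following is an added example, not part of the project's CLI: it parses the AT+CGSN output shown above and verifies the IMEI's Luhn check digit before building the create-device-cert command. The helper names luhnValid and imeiFromCgsn are hypothetical.

```javascript
// Added example: extract and validate the IMEI from an AT+CGSN response
// before using it as the device identity for a certificate.

// Luhn check: the last of the 15 IMEI digits is a check digit.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    // Walk from the right; double every second digit.
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Hypothetical helper: parse raw modem output of AT+CGSN and return the IMEI.
// Throws if the modem did not answer OK or the IMEI is malformed.
function imeiFromCgsn(raw) {
  const tokens = raw.split(/\s+/).filter((t) => t.length > 0);
  if (!tokens.includes('OK')) {
    throw new Error('modem did not answer OK');
  }
  // Accept exactly one 15-digit token so a garbled read is not guessed at.
  const candidates = tokens.filter((t) => /^\d{15}$/.test(t));
  if (candidates.length !== 1) {
    throw new Error(`expected exactly one 15-digit IMEI, found ${candidates.length}`);
  }
  const imei = candidates[0];
  if (!luhnValid(imei)) {
    throw new Error('IMEI check digit mismatch (typo or truncated read?)');
  }
  return imei;
}

// Response as shown on this page.
const sample = '# AT+CGSN\n352656100248049 OK';
const imei = imeiFromCgsn(sample);
// The value is digits only, so it is safe to place inside the quoted argument.
console.log(`node cli create-device-cert -d "${imei}"`);
```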