Wednesday, August 22, 2018

AWS IoT - Registering CA certificate

Use OpenSSL to generate the root key
 
      Generate the key:
          2048 is the key size in bits. AWS needs a minimum of 2048.

               openssl genrsa -out rootCA.key 2048
     
      Generate the PEM file (the self-signed root certificate)
            Set -days to the number of days the certificate should be valid

             openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 10000 -out rootCA.pem
   
             This will ask a set of questions. Answer them appropriately. An example is:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields, there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:Pune
Organization Name (eg, company) [Internet Widgits Pty Ltd]: My company
Organizational Unit Name (eg, section) []: mycompany
Common Name (e.g. server FQDN or YOUR name) []:admin.mycompany
Email Address []:admin.mycompany@whatever
             
         
Now go to AWS IoT Service
Navigate to Secure -> CA
Click on Register on the right-hand side. This will open a page. Click on Register CA and follow the instructions. Make sure that in Step 3, in the details for FQDN, you put the key mentioned in Step 2.
At Steps 5 and 6, upload the required files.
Check "Activate CA certificate"
Check "Enable auto-registration of device certificates"
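
The Register CA page asks for a verification certificate, signed by the CA above, whose Common Name is the registration code. The script below is an added example, not part of the original post: it builds both certificates and checks them before upload. The registration code value, the verification.* file names and the function names are assumptions.

```shell
# Added example. REG_CODE is a constructed placeholder; use the code the console shows.
set -eu
REG_CODE="${REG_CODE:-CONSTRUCTED-REGISTRATION-CODE-0000}"

make_ca() {                     # $1 = working directory
  openssl genrsa -out "$1/rootCA.key" 2048 2>/dev/null
  chmod 600 "$1/rootCA.key"     # genrsa without a cipher writes the key unencrypted
  openssl req -x509 -new -nodes -key "$1/rootCA.key" -sha256 -days 10000 \
    -subj "/C=IN/ST=MH/L=Pune/O=My company/OU=mycompany/CN=admin.mycompany" \
    -out "$1/rootCA.pem"
}

make_verification_cert() {      # $1 = working directory, $2 = registration code
  openssl genrsa -out "$1/verification.key" 2048 2>/dev/null
  openssl req -new -key "$1/verification.key" -subj "/CN=$2" \
    -out "$1/verification.csr"
  openssl x509 -req -in "$1/verification.csr" -CA "$1/rootCA.pem" \
    -CAkey "$1/rootCA.key" -CAcreateserial -sha256 -days 500 \
    -out "$1/verification.pem" 2>/dev/null
}

check_before_upload() {         # prints "ok" or the name of the failed check
  bits=$(openssl x509 -in "$1/rootCA.pem" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  [ "${bits:-0}" -ge 2048 ] || { echo "weak-key"; return 1; }
  openssl verify -CAfile "$1/rootCA.pem" "$1/verification.pem" \
    >/dev/null 2>&1 || { echo "chain"; return 1; }
  openssl x509 -in "$1/verification.pem" -noout -subject -nameopt RFC2253 |
    grep -q "CN=$2\$" || { echo "cn-mismatch"; return 1; }
  echo "ok"
}

work=$(mktemp -d)
make_ca "$work"
make_verification_cert "$work" "$REG_CODE"
check_before_upload "$work" "$REG_CODE"
```

Only rootCA.pem and verification.pem are uploaded; rootCA.key stays on the machine that signs device certificates.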
