2

When creating a "Thing" in "IoT Core" AWS let me download 5 security related files:

  • Device certificate: ???-certificate.pem.crt
  • Public key file: ???-public.pem.key
  • Private key file: ???-private.pem.key
  • Amazon trust services endpoint, RSA 2048 bit key: Amazon Root CA 1: AmazonRootCA1.pem
  • Amazon trust services endpoint, ECC 256 bit key: Amazon Root CA 3: AmazonRootCA3.pem

So which one I should upload to device when it is asking "Upload custom SSL certifiate"? Or should I create some bundle I have read about?

enter image description here

I'm able to find this from Shelly documentation but in my mind that doesn't tell the answer: https://shelly-api-docs.shelly.cloud/gen2/ComponentsAndServices/Mqtt

enter image description here

tipo1000
  • 21
  • 2
  • It’s unclear from Shelley’s documentation what this is for. It could be for a client certificate, In which case it’s the first one. Or it could be a trusted root to verify the server’s certificate (if not already know by the device). It could be one of the last two or something completely different. – jcaron Oct 13 '23 at 12:06
  • Added a picture from Shelly documentation. – tipo1000 Oct 13 '23 at 12:22
  • Yep, I have seen that, but I have no idea if that has a link with the screen in the UI. What is described in the documentation is a way to add/use a root cert if the server's certificate is not recognised (i.e. the matching root certificate is not in the standard CA bundle). The certificate given by Amazon is a client cert (you would add that and the matching private key to a device, and the server can then identify the device using that, it's an alternative to using usernames and passwords). I'm not sure the Shelly devices support that. – jcaron Oct 13 '23 at 15:32
  • I think your answer is found in Step 11 of the documentation, which tells you how to use client certificates, among other things. Let us know what you find. – kalyanswaroop Oct 19 '23 at 12:36
  • I asked this from Shelly and they answered: "We understand that you have questions related with possible integration between our devices and AWS. We are not sure if AWS acts like an broker and we have never heard someone to achieve integration with AWS or with Azure IoT. Usually our clients are using Homeassistant, Mosquitto, Ibroker and similar ones." I do not understand the comment about AWS not being a broker and where to go from here... – tipo1000 Nov 30 '23 at 06:27

0 Answers0