Commit 61a94b8e authored by apapkovskiy

Merge branch 'master' of

parents f3b92a93 9dd65f02
AWS JITP Configuration
To create thing automatically `Just-in-Time Provisioning <>`__ should be configured.
- Create Verification certificate.
.. code:: bash
aws iot get-registration-code
openssl ecparam -genkey -name prime256v1 -out CACertificate_ECC.key
openssl req -x509 -new -nodes -key CACertificate_ECC.key -sha256 -days 3650 -out CACertificate_ECC.crt
openssl ecparam -genkey -name prime256v1 -out VerificationKeys.key
openssl req -new -key VerificationKeys.key -subj "/CN=REGISTRATION CODE" -out VerificationCSR.pem
openssl x509 -req -in VerificationCSR.pem -CA CACertificate_ECC.crt -CAkey CACertificate_ECC.key -CAcreateserial -out Verificationcertificate.crt -days 3650 -sha256
- Register & Activate CA certificate and enable auto-registration
.. code:: bash
aws iot register-ca-certificate --ca-certificate file://CACertificate_ECC.crt --verification-cert file://Verificationcertificate.crt
aws iot describe-ca-certificate --certificate-id <cert id>
aws iot update-ca-certificate --certificate-id <cert id> --new-status ACTIVE
aws iot update-ca-certificate --certificate-id <cert id> --registration-config file://registration_config.json
aws iot update-ca-certificate --certificate-id <cert id> --new-auto-registration-status ENABLE
See more about `JITP template <>`__
Create IoT device credentials for JITP
.. code:: bash
openssl ecparam -genkey -name prime256v1 -out deviceKey.key
openssl req -new -key deviceKey.key -out deviceCsr.csr -subj "/CN=<DEVICE_NAME>"
openssl x509 -req -days 3650 -in deviceCsr.csr -CAcreateserial -CA CACertificate_ECC.crt -CAkey CACertificate_ECC.key -out deviceCert.crt
cat deviceCert.crt CACertificate_ECC.crt > CAandIoTcert.pem
- Set private key to A71CH and retrieve reference key (contact information for openssl engine how to find key in HSM)
.. code:: bash
./a71chConfig_i2c_imx debug reset
./a71chConfig_i2c_imx set pair -x 0 -k deviceKey.key
./a71chConfig_i2c_imx info pair
./a71chConfig_i2c_imx refpem -c 10 -x 0 -r deviceRefKey.ref_key
- Verify SSL connection.
.. code:: bash
export JRCP_HOSTNAME=<host>
export JRCP_PORT=<port>
export OPENSSL_CONF=<path>
openssl s_client -connect <custom_endpoint>.iot.<region> -CAfile rootCA.pem -cert CAandIoTcert.pem -key deviceRefKey.ref_key
- Publish message to MQTT and check that new Thing with certificate is registered.
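
Review bot: In the device-credentials and A71CH steps, the device private key is generated as a plain file on the host (`openssl ecparam -genkey -name prime256v1 -out deviceKey.key`) and copied into the secure element with `set pair -x 0 -k deviceKey.key`, but nothing tells the reader to remove `deviceKey.key` afterwards, so an exportable copy of the key stays on disk even though the later `s_client` step uses only `deviceRefKey.ref_key`. Add a step after `refpem` that deletes `deviceKey.key` from the host, and a sentence on where `CACertificate_ECC.key` should be kept, since it is written unencrypted and signs every device certificate with a 3650-day validity. Two smaller points: `-subj "/CN=REGISTRATION CODE"` should be written as a placeholder in the same style as `<cert id>` and `<DEVICE_NAME>`, with a note that it takes the value returned by `aws iot get-registration-code`, and `registration_config.json` is passed to `update-ca-certificate` without the file or its contents being shown anywhere in this section.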