Device credentials

On AWS devices, you can connect to IoT core using TLS version 1.2 and Elliptic Curve Cryptography (ECC) based certificates.

For creating device credentials, you have to generate the following certificates:

• CA certificate

• Device certificate

Generate a CA certificate

Creating the CA certificate is a one-time operation. If you have a directory called certificates with a rootCA.pem file in it, you have already completed this step.

Note

Note that this action will create a user with full access rights to the account, and therefore it must be created only in an account dedicated for Bifravst.

It is recommended to use your own Certificate Authority (CA) to create certificates for your devices since it allows generating device certificates offline.

Run the following script to generate and register a CA certificate in your AWS account:

node cli create-ca

Generate a device certificate

Run the following script to generate a certificate for a new device:

node cli create-device-cert