Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

Greengrass security module integration using ECC keys and Multi Account Registration

0

Looking at the documentation for greengrass v2 integration with a HSM with ECC keys - it specifies Nucleus 2.5.6 or later - it also talks about using a CSR to submit to AWS for signing to allow operation. Is it possible to simply use the certificate from the HSM directly, and register this with AWS as per Multi Account Registration - so the CSR step is not required ?

Temas
Internet de las cosas (IoT)Seguridad, identidad y cumplimiento
Etiquetas
AWS IoT GreengrassAWS IoT CoreSeguridad, identidad y cumplimiento
Idioma
English
majh
preguntada hace un año201 visualizaciones
1 Respuesta
0
Respuesta aceptada

Hi there!

Yes, an X.509 certificate created from a private key in an HSM can be used without going through the CSR step (part of general provisioning). At that point you are using the PKCS#11 interface to utilize the private key. This portion of the docs covers importing an existing key/cert to an HSM, but the steps for configuring Greengrass from step 3 forward will walk you through the config.yaml, which should look like this when done:

system:
  certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
  privateKeyPath: "pkcs11:object=iotdevicekey;type=private"
  rootCaPath: "/greengrass/v2/rootCA.pem"
  rootpath: "/greengrass/v2"
  thingName: "MyGreengrassCore"

Greengrass will then use certificateFilePath and privateKeyPath for all AWS IoT operations (connect to IoT Core, AWS IoT Greengrass, and allowed Roles Alias).

AWS
Gavin_A
respondido hace un año

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante