Which AmazonRootCA1 to use with greengrass ?

0

I have greengrass running in a docker container and have a few clients things setup running outside of the container. I can pub/sub to the moquett mqtt only if I turn off using tls. Otherwise I get the root ca is untrusted error in greengrass.logs. I am using the one downloaded when the (client) thing certs are generated by aws for my client things. The greengrass installation has its own ca that was downloaded as part of the installation of the gg core device. Do I need to copy that one from the core gg device and use it for my client things, or do I need to register the cas on the devices? Help appreciated.

1 Respuesta
0
Respuesta aceptada

As described, it seems your certificates are good - each device has its own set of certificates, generated when the things have been created. You don't need to copy certificates from one device to another.

Here are some things to check:

profile pictureAWS
respondido hace 2 meses
  • Hi. To add a little bit, when you use Greengrass client devices, the MQTT broker on the core device has its own CA. That's the CA that should be on each client devices, for validating the server certificate (because, in this case, the server is the MQTT broker on the Greengrass core device, not AWS IoT Core).

    More information here (one of the links ggainaru already supplied): https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas