Which AmazonRootCA1 to use with greengrass ?

0

I have greengrass running in a docker container and have a few clients things setup running outside of the container. I can pub/sub to the moquett mqtt only if I turn off using tls. Otherwise I get the root ca is untrusted error in greengrass.logs. I am using the one downloaded when the (client) thing certs are generated by aws for my client things. The greengrass installation has its own ca that was downloaded as part of the installation of the gg core device. Do I need to copy that one from the core gg device and use it for my client things, or do I need to register the cas on the devices? Help appreciated.

1 réponse
0
Réponse acceptée

As described, it seems your certificates are good - each device has its own set of certificates, generated when the things have been created. You don't need to copy certificates from one device to another.

Here are some things to check:

profile pictureAWS
répondu il y a 2 mois
  • Hi. To add a little bit, when you use Greengrass client devices, the MQTT broker on the core device has its own CA. That's the CA that should be on each client devices, for validating the server certificate (because, in this case, the server is the MQTT broker on the Greengrass core device, not AWS IoT Core).

    More information here (one of the links ggainaru already supplied): https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions