Which AmazonRootCA1 to use with greengrass ?

0

I have greengrass running in a docker container and have a few clients things setup running outside of the container. I can pub/sub to the moquett mqtt only if I turn off using tls. Otherwise I get the root ca is untrusted error in greengrass.logs. I am using the one downloaded when the (client) thing certs are generated by aws for my client things. The greengrass installation has its own ca that was downloaded as part of the installation of the gg core device. Do I need to copy that one from the core gg device and use it for my client things, or do I need to register the cas on the devices? Help appreciated.

1 Risposta
0
Risposta accettata

As described, it seems your certificates are good - each device has its own set of certificates, generated when the things have been created. You don't need to copy certificates from one device to another.

Here are some things to check:

profile pictureAWS
con risposta 2 mesi fa
  • Hi. To add a little bit, when you use Greengrass client devices, the MQTT broker on the core device has its own CA. That's the CA that should be on each client devices, for validating the server certificate (because, in this case, the server is the MQTT broker on the Greengrass core device, not AWS IoT Core).

    More information here (one of the links ggainaru already supplied): https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande