AWS re:Postを使用することにより、以下に同意したことになります AWS re:Post 利用規約

Greengrass security module integration using ECC keys and Multi Account Registration

0

Looking at the documentation for greengrass v2 integration with a HSM with ECC keys - it specifies Nucleus 2.5.6 or later - it also talks about using a CSR to submit to AWS for signing to allow operation. Is it possible to simply use the certificate from the HSM directly, and register this with AWS as per Multi Account Registration - so the CSR step is not required ?

1回答
0
承認された回答

Hi there!

Yes, an X.509 certificate created from a private key in an HSM can be used without going through the CSR step (part of general provisioning). At that point you are using the PKCS#11 interface to utilize the private key. This portion of the docs covers importing an existing key/cert to an HSM, but the steps for configuring Greengrass from step 3 forward will walk you through the config.yaml, which should look like this when done:

system:
  certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
  privateKeyPath: "pkcs11:object=iotdevicekey;type=private"
  rootCaPath: "/greengrass/v2/rootCA.pem"
  rootpath: "/greengrass/v2"
  thingName: "MyGreengrassCore"

Greengrass will then use certificateFilePath and privateKeyPath for all AWS IoT operations (connect to IoT Core, AWS IoT Greengrass, and allowed Roles Alias).

AWS
回答済み 2年前
profile picture
エキスパート
レビュー済み 5ヶ月前

ログインしていません。 ログイン 回答を投稿する。

優れた回答とは、質問に明確に答え、建設的なフィードバックを提供し、質問者の専門分野におけるスキルの向上を促すものです。

質問に答えるためのガイドライン

関連するコンテンツ