How to download intermediate certificates for AWS IoT?

Question

Hello,

I generated an MQTT client certificate using create-keys-and-certificate. The issuer of this certificate is:
issuer= /OU=Amazon Web Services O=Amazon.com Inc. L=Seattle ST=Washington C=US

is there any way to access that intermediate certificate and any other intermediate ones in the chain? I've checked all the certificates here: https://www.amazontrust.com/repository/ but unfortunately none of them is that one.

thank you!

Answer

Hi,

you cannot retrieve the CA from IoT Core that is used to sign AWS IoT Core issued device certificates. AWS IoT Core is not a PKI solution.

In case you need a PKI you can use for example [AWS Certificate Manager Private Certificate Authority (CA)](https://aws.amazon.com/certificate-manager/private-certificate-authority/).

You can also register your private CA with AWS IoT Core and issue device certificates.

KR,

Philipp

Answer

You can download the RootCA which used to connect to IoT Core: https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs

Also you can request a certificate from IoT Core console, and there will be a link to download those Root CAs.

How to download intermediate certificates for AWS IoT?

관련 콘텐츠