AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관

Greengrass security module integration using ECC keys and Multi Account Registration

0

Looking at the documentation for greengrass v2 integration with a HSM with ECC keys - it specifies Nucleus 2.5.6 or later - it also talks about using a CSR to submit to AWS for signing to allow operation. Is it possible to simply use the certificate from the HSM directly, and register this with AWS as per Multi Account Registration - so the CSR step is not required ?

1개 답변
0
수락된 답변

Hi there!

Yes, an X.509 certificate created from a private key in an HSM can be used without going through the CSR step (part of general provisioning). At that point you are using the PKCS#11 interface to utilize the private key. This portion of the docs covers importing an existing key/cert to an HSM, but the steps for configuring Greengrass from step 3 forward will walk you through the config.yaml, which should look like this when done:

system:
  certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
  privateKeyPath: "pkcs11:object=iotdevicekey;type=private"
  rootCaPath: "/greengrass/v2/rootCA.pem"
  rootpath: "/greengrass/v2"
  thingName: "MyGreengrassCore"

Greengrass will then use certificateFilePath and privateKeyPath for all AWS IoT operations (connect to IoT Core, AWS IoT Greengrass, and allowed Roles Alias).

AWS
답변함 2년 전
profile picture
전문가
검토됨 5달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠