Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso

Greengrass security module integration using ECC keys and Multi Account Registration

0

Looking at the documentation for greengrass v2 integration with a HSM with ECC keys - it specifies Nucleus 2.5.6 or later - it also talks about using a CSR to submit to AWS for signing to allow operation. Is it possible to simply use the certificate from the HSM directly, and register this with AWS as per Multi Account Registration - so the CSR step is not required ?

1 Resposta
0
Resposta aceita

Hi there!

Yes, an X.509 certificate created from a private key in an HSM can be used without going through the CSR step (part of general provisioning). At that point you are using the PKCS#11 interface to utilize the private key. This portion of the docs covers importing an existing key/cert to an HSM, but the steps for configuring Greengrass from step 3 forward will walk you through the config.yaml, which should look like this when done:

system:
  certificateFilePath: "pkcs11:object=iotdevicekey;type=cert"
  privateKeyPath: "pkcs11:object=iotdevicekey;type=private"
  rootCaPath: "/greengrass/v2/rootCA.pem"
  rootpath: "/greengrass/v2"
  thingName: "MyGreengrassCore"

Greengrass will then use certificateFilePath and privateKeyPath for all AWS IoT operations (connect to IoT Core, AWS IoT Greengrass, and allowed Roles Alias).

AWS
respondido há 2 anos
profile picture
ESPECIALISTA
avaliado há 5 meses

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas