Hi Smr. In general, it's more common for mobile apps to use Cognito identities than X.509 certificates, and to use our mobile SDK or Amplify to publish and subscribe to AWS IoT Core.
Nonetheless, fleet provisioning is available in two forms: Fleet provisioning by claim and fleet provisioning by trusted user.
Fleet provisioning relies on a common certificate, the "claim certificate". This is a close fit to what you described.
Fleet provisioning by trusted user dynamically generates a time-limited claim certificate after the user logs in. This is more secure than distributing a claim certificate with an app, and mobile apps would typically require a user to create an account and to log in as part of setup anyway. Thus fleet provisioning by trusted user would typically be a better fit for a mobile app.
To use fleet provisioning, your app/device needs to implement the Device provisioning API. Some of our SDKs implement part of this, but where you store the unique device certificate on your device is up to you.
Whitepaper (see pages 15-19): https://d1.awsstatic.com/whitepapers/device-manufacturing-provisioning.pdf
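
Added example, not part of the answer above and not AWS code: a claim certificate is shared by every copy of an app, so a defender would check that the IoT policy attached to it allows only the Device provisioning API's MQTT topics. The template name `MobileAppTemplate`, the account ID and the region are constructed placeholders.

```python
import json

TOPIC_ACTIONS = {"iot:Publish", "iot:Receive", "iot:Subscribe"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_claim_policy(policy_json, template):
    """List Allow grants that reach beyond the Device provisioning MQTT topics."""
    allowed = ("$aws/certificates/create",  # also covers create-from-csr
               f"$aws/provisioning-templates/{template}/provision")
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action == "iot:Connect":
                continue  # required to open the MQTT session
            if action not in TOPIC_ACTIONS:
                findings.append(f"statement {i}: {action} is not needed to provision")
                continue
            for arn in as_list(stmt.get("Resource", [])):
                # arn:aws:iot:<region>:<account>:topic/<name> (or topicfilter/<name>)
                topic = arn.partition("/")[2]
                if not topic.startswith(allowed):
                    findings.append(f"statement {i}: {action} on {arn} is too broad")
    return findings

# Constructed sample policies; account ID, region and template name are placeholders.
ARN = "arn:aws:iot:us-east-1:123456789012:"
TEMPLATE = "MobileAppTemplate"
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": "*"},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"], "Resource": [
        ARN + "topic/$aws/certificates/create/*",
        ARN + f"topic/$aws/provisioning-templates/{TEMPLATE}/provision/*"]},
    {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": [
        ARN + "topicfilter/$aws/certificates/create/*",
        ARN + f"topicfilter/$aws/provisioning-templates/{TEMPLATE}/provision/*"]}]})
BROAD = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["iot:Connect", "iot:Publish", "iot:UpdateThingShadow"]}]})

if __name__ == "__main__":
    for name, policy in (("scoped", SCOPED), ("broad", BROAD)):
        print(name, audit_claim_policy(policy, TEMPLATE) or "ok")
```

The check does not evaluate `NotAction` or `NotResource`, so treat a clean result on a policy that uses them as inconclusive.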