Which AmazonRootCA1 to use with greengrass ?

0

I have greengrass running in a docker container and have a few clients things setup running outside of the container. I can pub/sub to the moquett mqtt only if I turn off using tls. Otherwise I get the root ca is untrusted error in greengrass.logs. I am using the one downloaded when the (client) thing certs are generated by aws for my client things. The greengrass installation has its own ca that was downloaded as part of the installation of the gg core device. Do I need to copy that one from the core gg device and use it for my client things, or do I need to register the cas on the devices? Help appreciated.

1 回答
0
已接受的回答

As described, it seems your certificates are good - each device has its own set of certificates, generated when the things have been created. You don't need to copy certificates from one device to another.

Here are some things to check:

profile pictureAWS
已回答 2 个月前
  • Hi. To add a little bit, when you use Greengrass client devices, the MQTT broker on the core device has its own CA. That's the CA that should be on each client devices, for validating the server certificate (because, in this case, the server is the MQTT broker on the Greengrass core device, not AWS IoT Core).

    More information here (one of the links ggainaru already supplied): https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则