Which AmazonRootCA1 to use with greengrass ?

0

I have greengrass running in a docker container and have a few clients things setup running outside of the container. I can pub/sub to the moquett mqtt only if I turn off using tls. Otherwise I get the root ca is untrusted error in greengrass.logs. I am using the one downloaded when the (client) thing certs are generated by aws for my client things. The greengrass installation has its own ca that was downloaded as part of the installation of the gg core device. Do I need to copy that one from the core gg device and use it for my client things, or do I need to register the cas on the devices? Help appreciated.

1 個回答
0
已接受的答案

As described, it seems your certificates are good - each device has its own set of certificates, generated when the things have been created. You don't need to copy certificates from one device to another.

Here are some things to check:

profile pictureAWS
已回答 2 個月前
  • Hi. To add a little bit, when you use Greengrass client devices, the MQTT broker on the core device has its own CA. That's the CA that should be on each client devices, for validating the server certificate (because, in this case, the server is the MQTT broker on the Greengrass core device, not AWS IoT Core).

    More information here (one of the links ggainaru already supplied): https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南