How to download root CA for AWS IoT

ChLe_852406

I have just started to try to use FreeRTOS and got some confusion, although I can run the AWS FreeRTOS demo by following the Getting Started with Amazon FreeRTOS and PSoC62 + 43xxx.

1) How to download the root CA for AWS IoT? -> I can still run the demo without the root CA for AWS IoT.

Clicking download brings me to a documentation page https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authenticati...

which has no information about how to download it.

I copied this figure from https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html

2) Where do we use this root CA for AWS IoT? What is its use case?

0 Likes
DheerajK_81
Moderator

Hello,

Answering your questions:

1) How to download the root CA for AWS IoT?

To download the root CA certificate, go to this link. This will take you to the certificate webpage. Copy all the contents and paste them into a file. Save the file as "AmazonRootCA1.pem". But just so you know, you need not download it because the Amazon FreeRTOS SDK takes care of this internally. If you look into the file "iot_default_root_certificates.h" in the location "amazon-freertos\libraries\c_sdk\standard\common\include\private", you will notice that the device certificate is validated with all the supported Root CAs.

2) Where do we use this root CA for AWS IoT? What is its use case?

When you registered your IoT Device, you would have come across this page.

 Certificate created!

Your device will be assigned a public key, a private key and a certificate. The certificate is used to authenticate the AWS IoT Endpoint of the device.

For added security, we use the Root Certificate Authority (CA). It basically validates the identity of the certificate holder so that you know for sure that you are communicating with the correct source and not some impersonation of the original source.

Your application works because the root CA is available internally and is being taken care of for you by the SDK. So, you don't need to do anything.

Regards,

Dheeraj

0 Likes
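
What a root CA does for a TLS client, shown as an added example that is not part of the original thread or of the FreeRTOS SDK: the client trusts one root certificate and accepts a server only if its certificate chains to that root and matches the expected host name. It assumes the `openssl` CLI is installed; the "Demo Root CA", the `endpoint.example` name and all keys are constructed locally and stand in for AmazonRootCA1.pem and a real endpoint.

```shell
#!/bin/sh
# Added illustration: a locally generated "Demo Root CA" stands in for AmazonRootCA1.pem.
# Every key, certificate and host name below is constructed for this demo.

make_demo_pki() {   # $1 = writable working directory
  # Root CA: the only certificate the client is configured to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null || return 1
  # Genuine endpoint: its certificate is issued (signed) by the root CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=endpoint.example" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/server.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null || return 1
  # Impostor: same subject name, but self-signed instead of issued by the root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=endpoint.example" \
    -keyout "$1/fake.key" -out "$1/fake.pem" 2>/dev/null || return 1
}

# check_endpoint ROOT_PEM CERT_PEM HOSTNAME -> prints "trusted" or "rejected"
check_endpoint() {
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
  then echo trusted
  else echo rejected
  fi
}

demo() {
  demo_dir=$(mktemp -d) || return 1
  make_demo_pki "$demo_dir" || return 1
  echo "issued by root, expected name: $(check_endpoint "$demo_dir/root.pem" "$demo_dir/server.pem" endpoint.example)"
  echo "self-signed impostor:          $(check_endpoint "$demo_dir/root.pem" "$demo_dir/fake.pem" endpoint.example)"
  echo "issued by root, wrong name:    $(check_endpoint "$demo_dir/root.pem" "$demo_dir/server.pem" other.example)"
  rm -rf "$demo_dir"
}

demo
```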

Thank you, now I understand.

0 Likes