2 Replies Latest reply on Apr 16, 2020 6:48 PM by ChLe_852406

    How to download root CA for AWS IoT

    ChLe_852406

      I have just started to try to use FreeRTOS and got somewhat confused, although I can run the AWS FreeRTOS demo by following the Getting Started with Amazon FreeRTOS and PSoC62 + 43xxx

       

      1) How to download the root CA for AWS IoT? -> I can still run the demo without the root CA for AWS IoT

      Clicking download brings me to a documentation page https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs

      which has no information about how to download it

      I copied this figure from https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html

       

      2) Where do we use this root CA for AWS IoT? What is its use case?

        • 1. Re: How to download root CA for AWS IoT
          DheerajK_81

          Hello,

           

          Answering your questions:

          1) How to download the root CA for AWS IoT?

          To download the root CA certificate, go to this link. This will take you to the certificate webpage. Copy all the contents and paste them into a file. Save the file as "AmazonRootCA1.pem". But just so you know, you need not download it because the AmazonFreeRTOS SDK takes care of this internally. If you look into the file "iot_default_root_certificates.h" in the location "amazon-freertos\libraries\c_sdk\standard\common\include\private", you will notice that the device certificate is validated with all the supported Root CAs.

           

           

          2) Where do we use this root CA for AWS IoT? What is its use case?

          When you registered your IoT Device, you would have come across this page.

           Certificate created!

           

          Your device will be assigned a public key, a private key and a certificate. The certificate is used to authenticate the AWS IoT Endpoint of the device.

           

          For added security, we use the Root Certificate Authority (CA). It basically validates the identity of the certificate holder so that you know for sure that you are communicating with the correct source and not some impersonation of the original source.

           

          Your application works because the Root CA is available internally and is being taken care of for you by the SDK. So, you don't need to do anything.

           

          Regards,

          Dheeraj

          • 2. Re: How to download root CA for AWS IoT
            ChLe_852406

            Thank you, now I understand.
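
The role the first reply gives the root CA, as an added example that is not part of the original thread or the FreeRTOS SDK: a throwaway root (standing in for AmazonRootCA1.pem) signs a server certificate, and `openssl verify` accepts it while rejecting a self-signed certificate that claims the same name. All file names, the function names and the `endpoint.example.invalid` host are constructed for illustration; the example assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed and throwaway.

# Build a root CA, a server certificate signed by it, and an impostor
# certificate with the same subject name. All files are written into "$1".
make_constructed_pki() {
    d="$1"
    # Minimal private config so the result does not depend on the system openssl.cnf.
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Self-signed root CA: the trust anchor a client would have built in.
    openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 1 \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Server key and signing request for the constructed endpoint name.
    openssl req -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=endpoint.example.invalid" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # The root CA signs the server certificate.
    openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null || return 1
    # Impostor: same subject name, but self-signed, so it has no chain to the root.
    openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=endpoint.example.invalid" \
        -keyout "$d/impostor.key" -out "$d/impostor.pem" 2>/dev/null || return 1
}

# Exit status 0 only if certificate "$2" chains to the trusted root "$1".
chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone demonstration run.
demo_dir=$(mktemp -d) && make_constructed_pki "$demo_dir" || exit 1
chains_to_root "$demo_dir/root.pem" "$demo_dir/server.pem"   && echo "server: trusted"
chains_to_root "$demo_dir/root.pem" "$demo_dir/impostor.pem" || echo "impostor: rejected"
rm -rf "$demo_dir"
```

A client that holds only the root certificate can make this decision without ever having seen the server certificate before, which is why the trust anchor has to be present on the device in some form.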