I'm trying to understand which certificate goes where from AWS-IOT to certificate.h.
When setting a new device, I have these 4 certificates:
Also the ROOT CA contains multiple certificates as well:
I'm not sure which one goes where in the certificates.h file.
Help will be appreciated. Thanks
I am currently at this stage as well, but I believe that you need the rootCA, private key and the public certificate:
Private key first (private.key)
Public Cert second (cert.pem)
rootCA third (root-CA.crt)
I figured these are the three files used from the wording of the .h file and that MQTT processes like Mosquitto use these three files to successfully publish to our AWS IoT instance.
See /path/to/ncs/nRF5_SDK_15.2.0_9412b96/external/mbedtls/library/certs.c to see an example of how Nordic set these certificates up for a different process.
There are several kinds of ROOT CA certificates (see second image), which one should I choose?
The private key is an RSA key so the first RSA 2048 is what we use at the moment but that probably is a question for Nordic to answer. Of the two RSA CAs, the smaller 2048 is probably the correct one as the other will require more space to store.
Any of the CA certificates should work in the "NRF_CLOUD_CA_CERTIFICATE" in certificates.h. The only constraint is the signature algorithms the TLS library on the device supports. I would like to imagine both RSA keys and ECC keys are supported though. If you care about space the ECC certs are much smaller (that's just an inherent benefit of ECC over RSA).
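The ROOT CA file discussed in this thread holds several certificates, one of which goes into "NRF_CLOUD_CA_CERTIFICATE". As an added example (not from the thread or from Nordic's SDK), this script splits such a bundle into its PEM blocks, reports each block's size, and renders the chosen one as a C string-literal macro; the sample bundle is constructed placeholder data, and the macro layout and helper names are assumptions.

```python
import base64
import re

# One PEM block of any type (CERTIFICATE, RSA PRIVATE KEY, ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def split_pem(text):
    """Return (label, der_bytes, pem_text) for every PEM block in text."""
    blocks = []
    for m in PEM_BLOCK.finditer(text):
        # validate=True rejects stray characters picked up by copy/paste.
        der = base64.b64decode("".join(m.group(2).split()), validate=True)
        blocks.append((m.group(1), der, m.group(0).replace("\r\n", "\n")))
    return blocks


def to_c_macro(name, pem_text):
    """Render one PEM block as a #define built from adjacent C string literals."""
    lines = pem_text.strip().split("\n")
    body = " \\\n".join('\t"%s\\n"' % line for line in lines)
    return "#define %s \\\n%s\n" % (name, body)


def _constructed_pem(label, payload):
    """Build a PEM-shaped block around placeholder bytes (not a real certificate)."""
    b64 = base64.b64encode(payload).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, rows, label)


# Constructed sample: a "root CA" file holding two blocks of different sizes.
SAMPLE_BUNDLE = (_constructed_pem("CERTIFICATE", b"\x30" * 100)
                 + _constructed_pem("CERTIFICATE", b"\x31" * 40))

if __name__ == "__main__":
    found = split_pem(SAMPLE_BUNDLE)
    for i, (label, der, _) in enumerate(found):
        print("block %d: %s, %d DER bytes" % (i, label, len(der)))
    # Emit only the chosen block; index 1 is the smaller one in this sample.
    print(to_c_macro("NRF_CLOUD_CA_CERTIFICATE", found[1][2]))
```

The same `to_c_macro` call works for the private key and device certificate blocks; only the macro name passed in changes.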