I'm trying to understand which certificate goes where from AWS-IOT to certificate.h.
When setting up a new device, I have these 4 certificates:
Also, the ROOT CA contains multiple certificates as well:
I'm not sure which one goes where in the certificates.h file.
Help will be appreciated. Thanks
I am currently at this stage as well, but I believe that you need the rootCA, private key and the public certificate:
Private key first (private.key)
Public Cert second (cert.pem)
rootCA third (root-CA.crt)
I figured these are the three files used from the wording of the .h file and that MQTT processes like Mosquitto use these three files to successfully publish to our AWS IoT instance.
See /path/to/ncs/nRF5_SDK_15.2.0_9412b96/external/mbedtls/library/certs.c to see an example of how Nordic set these certificates up for a different process.
There are several kinds of ROOT CA certificates (see second image), which one should I choose?
Any of the CA certificates should work in the "NRF_CLOUD_CA_CERTIFICATE" in certificates.h. The only constraint is the signature algorithms the TLS library on the device supports. I would like to imagine both RSA keys and ECC keys are supported though. If you care about space the ECC certs are much smaller (that's just an inherent benefit of ECC over RSA).
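The mapping discussed in this thread, as an added example that is not part of the original posts or Nordic's code: a Python helper that checks each PEM file by its label and renders the three credentials in the order given above. Only `NRF_CLOUD_CA_CERTIFICATE` appears in the thread; the other two macro names, the string-literal layout of certificates.h, and the placeholder PEM bodies are assumptions made for illustration.

```python
import re

# Matches one PEM block; the END label must equal the BEGIN label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def one_block(text, want, what):
    """Return the single PEM block in text, checking that its label ends with `want`."""
    text = text.replace("\r\n", "\n")
    blocks = [(m.group(1), m.group(0)) for m in PEM_RE.finditer(text)]
    if len(blocks) != 1:
        # e.g. a file holding several root CAs: pick one, as the last reply says
        raise ValueError("%s: expected exactly 1 PEM block, found %d" % (what, len(blocks)))
    label, pem = blocks[0]
    if label != want and not label.endswith(" " + want):
        raise ValueError("%s: found '%s', expected a %s" % (what, label, want))
    return pem

def c_macro(name, pem):
    """Render a PEM block as a #define of adjacent string literals, one per PEM line."""
    lines = ['\t"%s\\n"' % line for line in pem.splitlines()]
    return "#define %s \\\n%s\n" % (name, " \\\n".join(lines))

def build_header(private_key, device_cert, root_ca):
    """Order follows the thread: private key, device certificate, root CA."""
    return "\n".join([
        # Assumed macro name (not shown in the thread)
        c_macro("NRF_CLOUD_CLIENT_PRIVATE_KEY",
                one_block(private_key, "PRIVATE KEY", "private.key")),
        # Assumed macro name (not shown in the thread)
        c_macro("NRF_CLOUD_CLIENT_PUBLIC_CERTIFICATE",
                one_block(device_cert, "CERTIFICATE", "cert.pem")),
        # Macro name quoted in the thread
        c_macro("NRF_CLOUD_CA_CERTIFICATE",
                one_block(root_ca, "CERTIFICATE", "root-CA.crt")),
    ])

def fake_pem(label):
    """Constructed placeholder PEM block; the body is not real key material."""
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)

if __name__ == "__main__":
    print(build_header(fake_pem("RSA PRIVATE KEY"),
                       fake_pem("CERTIFICATE"),
                       fake_pem("CERTIFICATE")))
```

The fourth file AWS IoT issues, the public key, has no slot here and is rejected if passed as the device certificate.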