putting the right certificates in certificates.

I am currently at this stage as well but I believe that you need the rootCA, private key and the public certificate

In certificates.h:

Private key first (private.key)

Public Cert second (cert.pem)

rootCA third (root-CA.crt)

I figured these are the three files used from the wording of the .h file and that MQTT processes like Mosquitto use these three files to successfully publish to our AWS IoT instance.

See /path/to/ncs/nRF5_SDK_15.2.0_9412b96/external/mbedtls/library/certs.c to see an example of how Nordic set these certificates up for a different process

Thanks MJD093,

There are several kinds of ROOT CA certificates (see second image), which one should I choose?

The private key is an RSA key so the first RSA 2048 is what we use at the moment but that probably is a question for Nordic to answer. Of the two RSA CAs, the smaller 2048 is probably the correct one as the other will require more space to store.

Any of the CA certificates should work in the "NRF_CLOUD_CA_CERTIFICATE" in certificates.h.  The only constraint is the signature algorithms the TLS library on the device supports.  I would like to imagine both RSA keys and ECC keys are supported though.  If you care about space the ECC certs are much smaller (that's just an inherent benefit of ECC over RSA).

Any of the CA certificates should work in the "NRF_CLOUD_CA_CERTIFICATE" in certificates.h.  The only constraint is the signature algorithms the TLS library on the device supports.  I would like to imagine both RSA keys and ECC keys are supported though.  If you care about space the ECC certs are much smaller (that's just an inherent benefit of ECC over RSA).