https://devzone.nordicsemi.com/f/nordic-q-a/72951/securest-way-to-use-tls-in-mqtSo in the MQTT example the following function is used to write the CA certificate to the modem so a TLS connection can be setup. In our code/TLS setup we want to use Client certificates aswell that is why we are using the following setup. Theen-USTelligent Community 13Mon, 22 Mar 2021 10:22:58 GMThttps://devzone.nordicsemi.com/thread/301156?ContentTypeID=1Mon, 22 Mar 2021 10:22:58 GMT137ad170-7792-4731-bb38-c0d22fbe4515:47b533ca-5166-49e6-8284-ce8070af2e25&#216;yvind<p>Hello, my apologies for the late reply.</p> <p><em>The alternative is to flash the certificates using pynrfjprog or the certificate manager in the lte link monitor. The code that writes credentials to the modem at boot can then be removed. As long as the sec tag used in the TLS connection matches the sec tag used when flashing the certificates it should be all good.</em></p> <div><em>When we produce DKs and Thingy91s, certificates are provisioned in the factory using AT commands. So they&#39;re stored securely in the modem only, and no private keys or anything in app flash/RAM</em></div> <div></div> <div></div> [quote user=""]Thats why you have a very large warning in the AWS_FOTA example saying that this is not best practice.[/quote] <p>Yes, we encourage customers to follow warnings and notes in our documentation.</p> <p></p> <p>KInd regards,<br />Øyvind</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/301152?ContentTypeID=1Mon, 22 Mar 2021 10:13:08 GMT137ad170-7792-4731-bb38-c0d22fbe4515:451b8599-afc4-427b-80dc-6763ef7a5af0Jupyter1336<p>Thnx</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/300604?ContentTypeID=1Thu, 18 Mar 2021 08:59:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3afabe71-1f87-437b-b9fc-000e63dfe517&#216;yvind<p>Hello,&nbsp;<br /><br />I&#39;ve forwarded you questions to our MQTT experts. And will reply today or tomorrow.&nbsp;<br /><br />Kind regards,<br />Øyvind</p><div style="clear:both;"></div>