• State Verified Answer
  • Replies 6 replies
  • Subscribers 75 subscribers
  • Views 1645 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 300202
Options

How to set AWS IoT certificates in runtime

choehyunho

Hi team,

I am building AWS IoT client based on NRF52833 + Ethernet Controller.

I have done connecting and subscribing/publishing to AWS IoT broker successfully, and now I am trying to find a way for provisioning each device properly.

In AWS IoT library, AWS IoT certificates are statically built into application binary, and seems there is no consideration for runtime changing or reading from NV, etc.

How can I change device certificates for AWS IoT client in runtime?

Is there any proper mechanism for this?

And, Is there any plan for supporting AWS IoT Fleet Provisioning (Online Provisioning) in future nRFConnect SDK?

  • 0
    And, Is there any plan for supporting AWS IoT Fleet Provisioning (Online Provisioning) in future nRFConnect SDK?

    WE do not talk about roadmaps and timelines here in devzone. Please ask your RSM about this. I have requested an RSM from your place to reach you out soon regarding this.

    How can I change device certificates for AWS IoT client in runtime?

    It does not look like we support this. For now it looks like static certificates only. I will let you know if the developers have anymore insight than this.

  • 0 in reply to Susheel Nuguru

    For the certificate change, I made some quick dirty workaround on aws-certs.h

    //static const unsigned char ca_certificate[] = {
unsigned char ca_certificate[2048] = {
...
//static const unsigned char private_key[] = {
unsigned char private_key[2048] = {
...
//static const unsigned char device_certificate[] = {
unsigned char device_certificate[2048] = {
...

    With this workaround, I can access these variables in my application code.

    extern unsigned char ca_certificate[2048];
extern unsigned char private_key[2048];
extern unsigned char device_certificate[2048];

    Is there any better way? Or can you suggest how I can access these variable without modifying NCS codes?

  • 0 in reply to choehyunho
    choehyunho said:
    Is there any better way? Or can you suggest how I can access these variable without modifying NCS codes?

    Not that I know of, but I can ask my colleague just to be sure.

  • 0 in reply to Susheel Nuguru

    It may be more practical, not just for sample, if runtime certificate loading is possible.

    Hope some knit & clean way provided in the future NCS release.

  • +1

    My Colleague who have some experience in this thinks it can be done. Suggestion from him is below .

    "

    Okay, so the library can actually handle the loading of the credentials for you. As you have already found out, it does that by writing the contents of some buffers it assumes exists in aws-certs.h (you can change the name of the file with a Kconfig option). So the user can define those buffers in a way that makes the application capable of changing their contents. The content of the buffers are loaded each time the application calls aws_iot_connect()

    The other option is what I thought you had to do, which is to load the credentials yourself (in the application), before you call aws_iot_connect(). This approach gives more flexibility, but you will have to do all the credential handling yourself

    "

Related
Terms of service