AWS IOT Device provisioning through AWS IOT sdk javascript

Question

I'm trying to provision devices through AWS IOT api calls, i have used the AWS CLI to get CA Certificate and i have also generated X.509 certificate. Can anyone please guide me on how to Create Thing and attach certificate through SDK?

Answer 1

I have successfully used the API to create devices on AWS IoT Core by following these steps. Using the CLI i made CA certificate using rsa key

• openssl genrsa -out certs/rootCA.key 2048
• openssl req -x509 -new -nodes -key certs/rootCA.key -sha256 -days 1024 -out certs/rootCA.pem
• aws iot get-registration-code (registrationCode used later as a "Common Name")
• openssl genrsa -out certs/verificationCert.key 2048

Then i created a CSR

• openssl req -new -key certs/verificationCert.key -out certs/verificationCert.csr
• openssl x509 -req -in certs/verificationCert.csr -CA certs/rootCA.pem -CAkey certs/rootCA.key -CAcreateserial -out certs/verificationCert.crt -days 500 -sha256

Registered the CA Certificate

• aws iot register-ca-certificate --ca-certificate file://certs/rootCA.pem --verification-certificate file://certs/verificationCert.crt --allow-auto-registration
• aws iot update-ca-certificate --certificate-id e3f0a30c3bbd4c9fdbb752cf2717fda21fbd2f8158e5dc0bb320c8bdbabf6295 --new-status ACTIVE

Then i used the the verificationCert.csr for createCertificateFromCsr and used the certificateArn from response in attachPolicy and attachThingPrincipal

Answer 2

You cant connect a device to AWS IoT with an API if you are trying to use HTTPS. AWS IoT specifically requires the MQTT broker on AWS IoT Core. Are you using this with a device like RPi?