aws / aws-iot-device-sdk-embedded-C

SDK for connecting to AWS IoT from a device using embedded C.
MIT License

fleet_provisioning_with_csr expected certificate and private key saved #1874

Closed giuspen closed 10 months ago

giuspen commented 11 months ago

The demo fleet_provisioning_with_csr is very useful, thanks for that. It is, however, missing the generation and writing to disk of device.pem.crt and private.pem.key, which I would have expected.

The documentation at https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html states: "The device obtains a permanent certificate and private key by using one of these options. The device will use the certificate and key for all future authentication with AWS IoT."

EDIT: also discussed on https://repost.aws/questions/QUxMmTqkwGThuBkZxxvz_imQ/aws-iot-device-sdk-embedded-c-fleet-provisioning-with-csr-demo-how-to-save-private-key-and-certificate

Skptak commented 11 months ago

Hey @giuspen, thanks for reaching out about this. I'm not sure what the issue you're facing is. In fleet_provisioning_with_csr/demo_config.h:73 we state that the demo takes in a path to a certificate existing on the host file system. This is then also true for the keys that the device itself should be using, per this line.

Is the issue you're facing that these certificates aren't being downloaded by default when building the demo? Or is it something separate?

giuspen commented 11 months ago

Hi @Skptak, thanks for answering.

The demo is working as described; it doesn't really have a bug. I'm just asking for a little help, as I and probably many others are looking at this example in order to physically generate on the filesystem a certificate and a private key unique to the device.

I do have the claim certificate on the filesystem and the claim private key, but I would expect to generate a new unique certificate and private key that I can then use for example in the mqtt mutual auth demo.

giuspen commented 11 months ago

Related to this issue, I created the PR https://github.com/aws/aws-iot-device-sdk-embedded-C/pull/1875

Skptak commented 11 months ago

Wow thanks for submitting a PR for a new demo @giuspen! I'm going to take a look at what you've got when I can, but just wanted to say thanks for making such a large contribution to this repository 😄

giuspen commented 11 months ago

My pleasure @Skptak to give a little contribution, it's mostly copied code from the other fleet provisioning demo anyway, just adjusted for CreateKeysAndCertificate instead of CreateCertificateCsr and added optional write to disk of key and certificate 😉