espressif / esp-aws-iot

AWS IoT SDK for ESP32 based chipsets
Apache License 2.0

Expired AWS Certificates (CA-242) #139

Open patricegamakuoh opened 2 years ago

patricegamakuoh commented 2 years ago

Hi ESP/AWS Team, we are contacting you here to resolve an issue with our existing products. We are using the ESP32 chip in our products and AWS as our IoT core; our customers constantly update firmware via OTA and AWS. The problem we have run into is that the AWS certificates (keys) inside the products have expired, which prevents our customers from updating firmware or using their mobile application.

We are seeking help to bypass the expired certificate and let our customers use their mobile app to update to new firmware with a new certificate. Are there any possibilities to solve this problem?

Thanks for your kind feedback.

SolidStateLEDLighting commented 1 year ago

Are these just the keys that you need to decrypt the OTA download? As I understand it, you have the option of making a custom OTA where you supply the key and AWS will send that over MQTT, externally to the binary file, during the Jobs process.

Sounds like you are also somehow rotating certificates from within the new OTA binary. You might consider not doing that; I believe AWS recommends the Jobs service for certificate rotation. Or you might place fleet provisioning routines in your firmware and allow the device to re-certify itself. The downside to that option is that you'll orphan a dead certificate in the system, which is why AWS suggests certificate rotation with Jobs, where the system will kill the old certificate for you. This is what I believe to be correct.
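To make the two rotation paths in the comment above concrete, here is an added Python model (not code from esp-aws-iot or from AWS; the registry layout, the `ROTATION_LEAD` policy and the device/certificate ids are constructed) that classifies device certificates by remaining validity, performs a Jobs-style rotation that deactivates the old certificate only after the new one is attached, and shows how plain re-provisioning leaves an orphaned active certificate behind.

```python
from datetime import datetime, timedelta, timezone

# Constructed model of an IoT registry: thing -> attached certificate id,
# certificate id -> {"not_after", "status"}. An illustration, not the AWS IoT API.
ROTATION_LEAD = timedelta(days=30)  # assumed policy: rotate this long before notAfter


def rotation_due(not_after: datetime, now: datetime, lead: timedelta = ROTATION_LEAD) -> str:
    """Classify a certificate as 'ok', 'rotate' (inside the lead window) or 'expired'.
    An expired device cert can no longer authenticate to the broker, so a Jobs-based
    rotation is too late by then; the check has to run ahead of notAfter."""
    if now >= not_after:
        return "expired"
    if now + lead >= not_after:
        return "rotate"
    return "ok"


def rotate_via_jobs(registry: dict, thing: str, new_cert_id: str, new_not_after: datetime) -> str:
    """Jobs-style rotation: attach and activate the new cert first, then deactivate the old
    one. The device is never left without a usable credential and nothing stays orphaned."""
    old_cert_id = registry["things"][thing]
    registry["certs"][new_cert_id] = {"not_after": new_not_after, "status": "ACTIVE"}
    registry["things"][thing] = new_cert_id
    registry["certs"][old_cert_id]["status"] = "INACTIVE"
    return old_cert_id


def reprovision(registry: dict, thing: str, new_cert_id: str, new_not_after: datetime) -> None:
    """Fleet-provisioning-style re-certification: the device just obtains a new cert.
    Nothing deactivates the old one, so it remains ACTIVE but unattached (orphaned)."""
    registry["certs"][new_cert_id] = {"not_after": new_not_after, "status": "ACTIVE"}
    registry["things"][thing] = new_cert_id


def orphaned_active_certs(registry: dict) -> list:
    """ACTIVE certificates attached to no thing: live credentials that should be cleaned up."""
    attached = set(registry["things"].values())
    return sorted(c for c, m in registry["certs"].items()
                  if m["status"] == "ACTIVE" and c not in attached)


def fresh_registry(now: datetime) -> dict:
    """Constructed sample fleet: one healthy device, one near expiry, one already expired."""
    return {
        "things": {"dev-a": "cert-a1", "dev-b": "cert-b1", "dev-c": "cert-c1"},
        "certs": {
            "cert-a1": {"not_after": now + timedelta(days=400), "status": "ACTIVE"},
            "cert-b1": {"not_after": now + timedelta(days=10), "status": "ACTIVE"},
            "cert-c1": {"not_after": now - timedelta(days=1), "status": "ACTIVE"},
        },
    }
```

Run `rotation_due` over the fleet on a schedule and open a rotation job for anything that reports `rotate`; anything that reports `expired` is already in the situation described in this issue.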