Provisioning-JITP #59
Conversation
|
|
||
| ## Reference architecture | ||
|
|
||
|  |
There was a problem hiding this comment.
Is this the right diagram? It doesn't align to the steps below and seems to be missing AWS IoT Core.
|
|
||
|  | ||
| The details of this flow are as follows: | ||
| 1. Private key and signed certificate pair is created using PKI. PKI can be self-managed or using a managed service like Amazon ACM. |
There was a problem hiding this comment.
are created
stored in device persistent storage? Or do you mean memory?
|  | ||
| The details of this flow are as follows: | ||
| 1. Private key and signed certificate pair is created using PKI. PKI can be self-managed or using a managed service like Amazon ACM. | ||
| 2. This pair is securely copied and stored on the device memory. |
There was a problem hiding this comment.
The private key and signed certificate are securely copied...
| The details of this flow are as follows: | ||
| 1. Private key and signed certificate pair is created using PKI. PKI can be self-managed or using a managed service like Amazon ACM. | ||
| 2. This pair is securely copied and stored on the device memory. | ||
| 3. Using JITP, the device connects to AWS IoT, and the certificate’s signature is verified |
There was a problem hiding this comment.
AWS IoT Core
which certificate? client cert or server cert?
| 1. Private key and signed certificate pair is created using PKI. PKI can be self-managed or using a managed service like Amazon ACM. | ||
| 2. This pair is securely copied and stored on the device memory. | ||
| 3. Using JITP, the device connects to AWS IoT, and the certificate’s signature is verified | ||
| against the registered CA. After verification, a provisioning template registers the Thing, |
There was a problem hiding this comment.
There is no context for the registered CA. Maybe missing from the diagram and flow above?
| 1. Create an IAM role for your AWS IoT Core service and name it JITP_demo. Attach Policy AWSIoTThingsRegistration to this role. | ||
|  | ||
| 2. Create a JITP template JSON file by running following commands | ||
| ```json |
There was a problem hiding this comment.
remove json from code fence if not json. Do this throughout the file.
| "roleArn":"<ROLE_ARN>" | ||
| } | ||
| ``` | ||
| 4. Run the following register-ca-certificate command to register the device root CA as a CA certificate in AWS IoT Core. Make sure to set correct region at --region flag |
There was a problem hiding this comment.
Highlight the command, e.g., register-ca-certificate, and region flag. Without being set as code, --region becomes and em dash.
| --- | ||
| #### Perform JITP | ||
| --- | ||
| Now we have to create a Device certificate using self-signed root CA and on-board the device using JITP. If you have configured ACM or other PKI use your respective PKI to create a CSR and sign device certificate and skip to step 6. |
| openssl genrsa -out deviceCert.key 2048 | ||
| ``` | ||
|
|
||
| 3. Run the following OpenSSL command to create a device CSR. The example JITP template requires the ThingName value to equal the certificate’s CommonName value. The template also requires the CountryName value to equal the Country value in the CA certificate. Refer to the following example: |
There was a problem hiding this comment.
renumber. You have 1, then 3. If you use 1 for every entry, this will auto number.
| sudo python3 setup.py install | ||
| ``` | ||
|
|
||
| 7. Navigate to Samples folder and execute the basicPubSub. |
There was a problem hiding this comment.
to the samples/ folder
the basicPubSub
Check grammar for this step.
Issue #, if available:
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.