AWS IoT - how to use default AWS created RSA certs (ESP32, Sonoff Pow Elite) #21578
-
I am following the instructions here to connect my ESP32 device to my own AWS backend. I am not using the CloudFormation template, I am doing the whole process manually. I am using an ESP32 devboard for testing and will later use this firmware on a Sonoff Pow R3 Elite. I have successfully compiled and flashed the board. I am able to access the webUI. I have created the AWS Thing as well as the policy. My issue is that I am having trouble uploading the certificates to the device. The link above uses ECC certificates. I would like to use the default AWS-issued RSA certificates. I am able to upload the root CA1 cert (TLSKey2), but not the private key (TLSKey1). The reason being, I think Tasmota is expecting a 32-byte cert, but I am uploading a larger file. If anyone could instruct me on how to use AWS-issued RSA certs, I would greatly appreciate it. Some other questions I had:
-
Please read the documentation carefully. The root CA is already included in the binary.
-
An extra question, if I want to add the device private key on compilation instead of using the Web UI as instructed in the previous link, where do I put the private key data? The code has this comment on line 449: I do see another comment below that which says:
This makes me think that I should be able to use the larger RSA private key by default. Or is this note talking about the device certificate (corresponding to TLSKey2), not the device private key?
-
I have an update on my attempt to connect Tasmota to AWS MQTT. I've been struggling for quite some time trying to get a connection to AWS MQTT. I kept getting a I have tried using the GUI WebUI. On the Configure MQTT page, I checked and unchecked this option in the image below, but that did not solve the issue. It actually changed the error from I stumbled across this discussion. One of the comments here says to use
But only when I added:
was it able to connect to aws. Note that my Serial output is not exactly the same as the instructions here.
This is my output (with
I'm mentioning this on this discussion because I'm not sure if I did something wrong and I just managed to force it to work, or if the docs are needing an update. I am using a MH-ET-LIVE ESP32 minikit devboard. In
No, this was due to a storage size constraint on ESP8266. EC private keys are much more compact than RSA keys. And btw they are more secure as well. It is not possible to use RSA keys and devices to authenticate.
Why would you want an RSA cert instead of the smaller and more secure EC cert?
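The size difference mentioned in the replies above, as an added example that is not part of the original thread and is not Tasmota code: a standard-library DER parser that reports how many bytes of secret material a PEM private key carries. The function names are hypothetical, the PEM labels `EC PRIVATE KEY` (SEC1) and `RSA PRIVATE KEY` (PKCS#1) are assumed to be the formats of the key files, and the two sample keys are constructed placeholders.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):
    """DER-encode one element (used only to build the sample keys below)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def to_pem(label, der):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def private_key_footprint(pem):
    """Return (kind, secret_bytes): EC scalar size, or RSA private exponent size."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    label = lines[0].strip("-").replace("BEGIN ", "")
    der = base64.b64decode("".join(lines[1:-1]))
    _, body, _ = read_tlv(der, 0)         # outer SEQUENCE
    _, _, pos = read_tlv(body, 0)         # INTEGER version
    if label == "EC PRIVATE KEY":         # SEC1: version, OCTET STRING privateKey, ...
        tag, scalar, _ = read_tlv(body, pos)
        if tag != 0x04:
            raise ValueError("expected OCTET STRING private key")
        return "EC", len(scalar)
    if label == "RSA PRIVATE KEY":        # PKCS#1: version, n, e, d, p, q, dP, dQ, qInv
        for _i in range(3):               # read n, then e, then d
            _tag, value, pos = read_tlv(body, pos)
        return "RSA", len(value.lstrip(b"\x00"))
    raise ValueError("unsupported PEM label: " + label)

# Constructed placeholders: valid DER layout, filler bytes, not usable keys.
P256_OID = bytes.fromhex("2a8648ce3d030107")  # prime256v1
EC_PEM = to_pem("EC PRIVATE KEY", tlv(0x30, tlv(0x02, b"\x01")
                + tlv(0x04, bytes(range(1, 33))) + tlv(0xA0, tlv(0x06, P256_OID))))
RSA_INTS = [b"\x00", b"\x00" + b"\xc3" * 256, b"\x01\x00\x01", b"\x5a" * 256] + [b"\x5a" * 128] * 5
RSA_PEM = to_pem("RSA PRIVATE KEY", tlv(0x30, b"".join(tlv(0x02, i) for i in RSA_INTS)))
```

On the constructed samples, `private_key_footprint` returns `("EC", 32)` for the P-256 layout and `("RSA", 256)` for the 2048-bit RSA layout, and the RSA file additionally carries the modulus and five CRT values.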