0

For Greengrass v2, I cannot find any way to retrieve the Core Device CA certificate. I can't find any method in the Console, SDK or API to retrieve the Core Device CA certificate either.

I am aware that the client devices receive the specific certificate in response to the cloud discovery; however, I am trying to find a way where client devices do not require an internet connection.

If I have the certificate, the client devices can use that certificate along with the already known Greengrass Core endpoint to authenticate and connect to the Greengrass Core device without the need for an internet connection.

So the question is: is there any way to retrieve/download the Core Device CA certificate?

Shumail
  • Found a similar issue/solution for Greengrass v1 https://github.com/njlaw/greengrass-standalone-demo – Shumail Dec 20 '21 at 16:38

1 Answer

2

While this is not yet documented in the docs, the Greengrass Core device CA certificate can be found at the following path on the core device:

/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

Using this certificate, the IP address of the core device and the port, a client device can connect to and authenticate with the core device.

Shumail
  • Opened an issue https://github.com/awsdocs/aws-iot-greengrass-v2-developer-guide/issues/20 – Shumail Dec 21 '21 at 11:27
  • See https://github.com/awsdocs/aws-iot-greengrass-v2-developer-guide/issues/20#issuecomment-1004405561 for AWS' statement on why this is not a _recommended_ approach, yet that for now it is the best choice for a non-internet enabled client device – Oskar Austegard Mar 24 '22 at 22:52
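The connection the answer describes, as an added example that is not part of the original post: a client-side TLS context that trusts only the `ca.pem` copied from the core device and presents the client device certificate. The port `8883`, the address `192.0.2.10`, the local file names, and the expectation that the core's server certificate lists the address you connect to are assumptions, not details from the page.

```python
import socket
import ssl

# Path on the core device named in the answer; copy the file to the client out of band.
CORE_CA_PATH_ON_CORE = "/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem"


def pinned_context():
    """TLS client context that trusts no CA until the core's ca.pem is loaded."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, hostname check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Deliberately no load_default_certs(): system roots must not vouch for the core.
    return ctx


def load_identity(ctx, ca_file, device_cert, device_key):
    """Trust only the copied core CA and present the client device certificate."""
    ctx.load_verify_locations(cafile=ca_file)
    ctx.load_cert_chain(certfile=device_cert, keyfile=device_key)
    return ctx


def connect_to_core(ctx, core_addr, port=8883, timeout=5.0):
    """Open a mutually authenticated TLS session and report what was negotiated.

    port=8883 is an assumed default; use the port your core's broker listens on.
    """
    with socket.create_connection((core_addr, port), timeout=timeout) as raw:
        # server_hostname is checked against the certificate's subjectAltName,
        # so the core's server certificate must list this name or IP address.
        with ctx.wrap_socket(raw, server_hostname=core_addr) as tls:
            peer = tls.getpeercert()
            return {"version": tls.version(), "san": peer.get("subjectAltName", ())}


if __name__ == "__main__":
    # Constructed sample values: local file names and a documentation-range address.
    ctx = load_identity(pinned_context(), "ca.pem", "device.pem.crt", "device.private.key")
    try:
        print(connect_to_core(ctx, "192.0.2.10"))
    except ssl.SSLCertVerificationError as err:
        # Raised when the core's certificate does not chain to the copied ca.pem
        # or does not list the address used; treat it as a hard failure.
        print("core certificate rejected:", err.verify_message)
    except OSError as err:
        print("connection failed:", err)
```

A verification failure after the connection previously worked means the copied `ca.pem` no longer matches the core; fetch the file again from the core device instead of relaxing verification.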