SSL to connect a Teensy to AWS

Status
Not open for further replies.

bvernham

Well-known member
I have been working on a project with the Teensy 4.1/MicroMod to have the ability to send some data to AWS for remote monitoring.

Unfortunately the chip shortage has left the available cell modems few and far between, so in the interim while some of the modems become available I have started with an Arduino MKR 1500 NB/nano33IOT as a way to get the feeling of how all this works.

Well you can communicate with the internet with no issue but you can connect to AWS IOT.

The issue seems to be how ArduinoBearSSL handles the certificate that AWS provides from the public key which the crypto chip produces for the locked private key (in the EEC chip).

Any suggestions for other SSL libraries with better support/examples for working with the AWS certificates?

For example, the ESP family has the "#include <WiFiClientSecure.h>"

Which comes right out and has:
Code:
// Amazon Root CA 1
static const char AWS_CERT_CA[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
)EOF";

// Device Certificate
static const char AWS_CERT_CRT[] PROGMEM = R"KEY(
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
)KEY";

// Device Private Key
static const char AWS_CERT_PRIVATE[] PROGMEM = R"KEY(
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
)KEY";

which is initialized in the library by:
Code:
  // Configure WiFiClientSecure to use the AWS IoT device credentials
  net.setCACert(AWS_CERT_CA);
  net.setCertificate(AWS_CERT_CRT);
  net.setPrivateKey(AWS_CERT_PRIVATE);

Any thoughts on SSL libraries to use or potentially better examples of connecting to AWS would be appreciated.

Thanks

Bruce
 
Any suggestions for other SSL libraries with better support/examples for working with the AWS certificates?
Bruce
Hi, it seems there are not so many experiences.
Perhaps it would be helpful if you would post a short code sample to show exactly where you have difficulties using BearSSL. Do you want to use the Teensy 4.1 Ethernet adaptor? Do you intend to use server and client certificates?
 
Issue I had was with AWS "policy".

Still would be nice if someone has experience with using Bear SSL without an EEC chip.

Without the EEC chip you need to have AWS generate the private/public keys and the certificates.

I do not know how to implement this with Bear SSL even though there are options to "ignore the EEC".

Thanks
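
The last post attributes the failure to the AWS IoT "policy" without giving details. As an added example (not from the thread and not the poster's own policy), a least-privilege AWS IoT policy for a monitoring device that publishes telemetry might look like the following. `REGION` and `ACCOUNT_ID` are placeholders, the `telemetry/` and `cmd/` topic prefixes are assumptions, and the `${iot:Connection.Thing.ThingName}` variable assumes the device certificate is attached to a registered thing.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/telemetry/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/cmd/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/cmd/${iot:Connection.Thing.ThingName}"
    }
  ]
}
```

With a policy of this shape, the MQTT client ID used in the sketch has to equal the thing name and the publish topic has to match the allowed resource; a mismatch is refused by the broker even though the certificates and the TLS handshake are fine.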
 