Thread: SSL to connect a Teensy to AWS

  1. #1
    Senior Member
    Join Date
    Feb 2015
    Posts
    167

    SSL to connect a Teensy to AWS

    I have been working on a project with the Teensy 4.1/MicroMod to have the ability to send some data to AWS for remote monitoring.

    Unfortunately, the chip shortage has left the available cell modems few and far between, so in the interim, while some of the modems become available, I have started with an Arduino MKR 1500 NB/Nano 33 IoT as a way to get a feel for how all this works.

    Well you can communicate with the internet with no issue but you can connect to AWS IOT.

    The issue seems to be how ArduinoBearSSL handles the certificate that AWS provides from the public key which the crypto chip produces for the locked private key (in the ECC chip).

    Any suggestions of other SSL libraries with better support/examples for working with the AWS certificates?

    For example, the ESP family has the "#include <WiFiClientSecure.h>"

    Which comes right out and has:
    Code:
    // Amazon Root CA 1
    static const char AWS_CERT_CA[] PROGMEM = R"EOF(
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    )EOF";
    
    // Device Certificate
    static const char AWS_CERT_CRT[] PROGMEM = R"KEY(
    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----
    )KEY";
    
    // Device Private Key
    static const char AWS_CERT_PRIVATE[] PROGMEM = R"KEY(
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    )KEY";
    which is initialized in the library by:
    Code:
      // Configure WiFiClientSecure to use the AWS IoT device credentials
      net.setCACert(AWS_CERT_CA);
      net.setCertificate(AWS_CERT_CRT);
      net.setPrivateKey(AWS_CERT_PRIVATE);
    Any thoughts on SSL libraries to use or potentially better examples of connecting to AWS would be appreciated.

    Thanks

    Bruce

  2. #2
    Junior Member
    Join Date
    Mar 2021
    Posts
    17
    Quote Originally Posted by bvernham
    Any suggestions of other SSL libraries with better support/examples for working with the AWS certificates?
    Bruce
    Hi, it seems there are not so many experiences.
    Perhaps it would be helpful if you would post a short code sample to show where exactly you have difficulties using BearSSL. Do you want to use the Teensy 4.1 Ethernet adaptor? Do you intend to use server and client certificates?

  3. #3
    Senior Member
    Join Date
    Feb 2015
    Posts
    167
    Issue I had was with AWS "policy".

    Still would be nice if someone has experience with using Bear SSL without an ECC chip.

    Without the ECC chip you need to have AWS generate the private/public keys and the certificates.

    I do not know how to implement this with Bear SSL even though there are options to "ignore the ECC".

    Thanks
    Last edited by bvernham; 01-17-2022 at 08:54 PM. Reason: Update
