Posted On: Dec 19, 2023

Today, Amazon IoT Core—a managed service that connects billions of Internet of Things (IoT) devices to Amazon Web Services Cloud—announces the capability of using your own Certificate Authority (CA) certificates when provisioning fleets with Amazon IoT Core. Using Amazon IoT Core, you can provision your devices with various techniques, such as just-in-time provisioning, just-in-time registration, and fleet provisioning, where each technique serves a dedicated purpose. For example, with fleet provisioning, you can generate and securely deliver X.509 client certificates and private keys to your devices when they connect to Amazon Web Services Cloud for the first time. The updated fleet provisioning capability enables you to issue and customize X.509 client certificates using CAs hosted on external CA services or your own public key infrastructure (PKI).

With the new capability, you have more control over the CA certificate when using fleet provisioning, so that you can meet your organization's specific security requirements, such as controlling the source of credentials and ensuring the credentials' authenticity. Additionally, you can customize your client certificates' signing algorithms, validity periods, and other attributes to improve the security posture of your IoT solution.

The capability to customize and issue client certificates with your own CA is offered at no additional charge beyond the standard charges for Amazon IoT Core and Amazon Lambda. The feature is generally available immediately in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD. To get started, refer to the technical documentation.