Activate or deactivate a client certificate
AWS IoT verifies that a client certificate is active when it authenticates a connection.
You can create and register client certificates without activating them so they can't be used until you want to use them. You can also deactivate active client certificates to disable them temporarily. Finally, you can revoke client certificates to prevent them from any future use.
Activate a client certificate (console)
To activate a client certificate using the AWS IoT console
- Sign in to the AWS Management Console and open the AWS IoT console.
- In the left navigation pane, choose Secure, choose Certificates.
- In the list of certificates, locate the certificate that you want to activate, and open the option menu by using the ellipsis icon.
- In the option menu, choose Activate.
  The certificate should show as Active in the list of certificates.
Deactivate a client certificate (console)
To deactivate a client certificate using the AWS IoT console
- Sign in to the AWS Management Console and open the AWS IoT console.
- In the left navigation pane, choose Secure, choose Certificates.
- In the list of certificates, locate the certificate that you want to deactivate, and open the option menu by using the ellipsis icon.
- In the option menu, choose Deactivate.
  The certificate should show as Inactive in the list of certificates.
Activate a client certificate (CLI)
The AWS CLI provides the update-certificate

    aws iot update-certificate \
        --certificate-id certificateId \
        --new-status ACTIVE

If the command was successful, the certificate's status will be ACTIVE. Run describe-certificate

    aws iot describe-certificate \
        --certificate-id certificateId

Deactivate a client certificate (CLI)
The AWS CLI provides the update-certificate

    aws iot update-certificate \
        --certificate-id certificateId \
        --new-status INACTIVE

If the command was successful, the certificate's status will be INACTIVE. Run describe-certificate

    aws iot describe-certificate \
        --certificate-id certificateId
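
The two CLI procedures above (activate and deactivate), combined into one shell function that changes the status and then confirms it with describe-certificate instead of assuming the update took effect. This is an added example, not AWS's own code; the function names and the 64-hex-character certificate ID check are assumptions of the example.

```shell
#!/bin/sh
# Added example: change a client certificate's status and confirm the result.
# Function names are this example's own, not part of the AWS CLI.

# Assumption: a certificate ID is exactly 64 hexadecimal characters.
valid_cert_id() {
    case "$1" in
        ""|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 64 ]
}

# Print the certificate's current status as reported by describe-certificate.
cert_status() {
    aws iot describe-certificate \
        --certificate-id "$1" \
        --query 'certificateDescription.status' \
        --output text
}

# set_cert_status <certificateId> <ACTIVE|INACTIVE>
# Returns 0 only if describe-certificate reports the requested status afterwards.
# Returns 2 on bad input (no AWS call is made), 1 on any other failure.
set_cert_status() {
    valid_cert_id "$1" || { echo "invalid certificate id" >&2; return 2; }
    case "$2" in
        ACTIVE|INACTIVE) ;;
        *) echo "status must be ACTIVE or INACTIVE" >&2; return 2 ;;
    esac
    aws iot update-certificate \
        --certificate-id "$1" \
        --new-status "$2" || return 1
    _got="$(cert_status "$1")" || return 1
    if [ "$_got" != "$2" ]; then
        echo "certificate $1 is $_got, expected $2" >&2
        return 1
    fi
    echo "certificate $1 is now $_got"
}

# Run only when invoked with arguments: ./cert-status.sh <certificateId> <status>
if [ "$#" -eq 2 ]; then
    set_cert_status "$1" "$2"
fi
```

A non-zero exit status means the certificate is not in the requested state, which makes the script usable as a gate in a provisioning or incident-response runbook.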