AWS IoT
Developer Guide

CreateKeysAndCertificate

Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key.

Note: This is the only time AWS IoT issues the private key for this certificate, so it is important to keep it in a secure location.

Request syntax:

POST /keys-and-certificate?setAsActive=setAsActive

URI Request Parameters:

| Name | Type | Req? | Description |
|---|---|---|---|
| setAsActive | SetAsActive | no | Specifies whether the certificate is active. |

Response syntax:

Content-type: application/json

{
  "certificateArn": "string",
  "certificateId": "string",
  "certificatePem": "string",
  "keyPair": {
    "PublicKey": "string",
    "PrivateKey": "string"
  }
}

Response Body Parameters:

| Name | Type | Req? | Description |
|---|---|---|---|
| certificateArn | CertificateArn | no | The ARN of the certificate. |
| certificateId | CertificateId | no | The ID of the certificate. AWS IoT issues a default subject name for the certificate (for example, AWS IoT Certificate). |
| certificatePem | CertificatePem | no | The certificate data, in PEM format. |
| keyPair | KeyPair | no | The generated key pair. |

Errors:

InvalidRequestException

The contents of the request were invalid. For example, this code is returned when an UpdateJobExecution request contains invalid status details. The message contains details about the error.

HTTP response code: 400

ThrottlingException

The rate exceeds the limit.

HTTP response code: 429

UnauthorizedException

You are not authorized to perform this operation.

HTTP response code: 401

ServiceUnavailableException

The service is temporarily unavailable.

HTTP response code: 503

InternalFailureException

An unexpected error has occurred.

HTTP response code: 500

CLI

Synopsis:

aws iot create-keys-and-certificate \
  [--set-as-active | --no-set-as-active] \
  [--cli-input-json <value>] \
  [--generate-cli-skeleton]

cli-input-json format:

{ "setAsActive": "boolean" }

cli-input-json fields:

| Name | Type | Description |
|---|---|---|
| setAsActive | boolean | Specifies whether the certificate is active. |

Output:

{
  "certificateArn": "string",
  "certificateId": "string",
  "certificatePem": "string",
  "keyPair": {
    "PublicKey": "string",
    "PrivateKey": "string"
  }
}

cli output fields:

| Name | Type | Description |
|---|---|---|
| certificateArn | string | The ARN of the certificate. |
| certificateId | string (length max:64 min:64; pattern: (0x)?[a-fA-F0-9]+) | The ID of the certificate. AWS IoT issues a default subject name for the certificate (for example, AWS IoT Certificate). |
| certificatePem | string (length max:65536 min:1) | The certificate data, in PEM format. |
| keyPair | KeyPair | The generated key pair. |
| PublicKey | string (length min:1) | The public key. |
| PrivateKey | string (length min:1) | The private key. |
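
Because the private key is returned only in this one response, the caller has to persist it safely before doing anything else. The following is an added example, not code from the AWS documentation: it checks a response against the field constraints listed above and writes the key with owner-only permissions. The function name store_credentials, the file suffixes and the sample values are assumptions made for illustration.

```python
import os
import re
import tempfile

CERT_ID_RE = re.compile(r"(0x)?[a-fA-F0-9]+")  # pattern from the output table


def store_credentials(resp, out_dir):
    """Validate a CreateKeysAndCertificate response, then persist cert and key.

    Returns the certificateId. The private key is never printed or logged.
    """
    cert_id = resp["certificateId"]
    cert_pem = resp["certificatePem"]
    private_key = resp["keyPair"]["PrivateKey"]
    # Field constraints as documented in the output table above.
    if len(cert_id) != 64 or not CERT_ID_RE.fullmatch(cert_id):
        raise ValueError("certificateId does not match the documented format")
    if not 1 <= len(cert_pem) <= 65536 or len(private_key) < 1:
        raise ValueError("certificatePem or PrivateKey outside documented length")

    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    key_path = os.path.join(out_dir, cert_id + ".private.key")
    # O_EXCL refuses to overwrite a key that is already stored; mode 0o600 is
    # applied at creation, so the file is never group- or world-readable.
    fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(private_key)
    with open(os.path.join(out_dir, cert_id + ".cert.pem"), "w") as f:
        f.write(cert_pem)
    return cert_id


if __name__ == "__main__":
    # Constructed sample response (not real key material). With boto3 it would
    # come from: boto3.client("iot").create_keys_and_certificate(setAsActive=True)
    sample = {
        "certificateArn": "arn:aws:iot:REGION:ACCOUNT:cert/PLACEHOLDER",
        "certificateId": "ab" * 32,
        "certificatePem": "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n",
        "keyPair": {"PublicKey": "CONSTRUCTED", "PrivateKey": "CONSTRUCTED"},
    }
    print("stored", store_credentials(sample, tempfile.mkdtemp()))
```

A second call with the same certificateId raises FileExistsError instead of replacing the stored key.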
