AWS IoT
Developer Guide

RegisterCACertificate

Registers a CA certificate with AWS IoT. This CA certificate can then be used to sign device certificates, which can then be registered with AWS IoT. You can register up to 10 CA certificates per AWS account that have the same subject field. This enables you to have up to 10 certificate authorities sign your device certificates. If you have more than one CA certificate registered, make sure you pass the CA certificate when you register your device certificates with the RegisterCertificate API.

Request syntax:

    POST /cacertificate?setAsActive=setAsActive&allowAutoRegistration=allowAutoRegistration
    Content-type: application/json

    {
      "caCertificate": "string",
      "verificationCertificate": "string",
      "registrationConfig": {
        "templateBody": "string",
        "roleArn": "string"
      }
    }

URI Request Parameters:

| Name | Type | Req? | Description |
|---|---|---|---|
| setAsActive | SetAsActive | no | A boolean value that specifies if the CA certificate is set to active. |
| allowAutoRegistration | AllowAutoRegistration | no | Allows this CA certificate to be used for auto registration of device certificates. |

Request Body Parameters:

| Name | Type | Req? | Description |
|---|---|---|---|
| caCertificate | CertificatePem | yes | The CA certificate. |
| verificationCertificate | CertificatePem | yes | The private key verification certificate. |
| registrationConfig | RegistrationConfig | no | Information about the registration configuration. |

Response syntax:

    Content-type: application/json

    {
      "certificateArn": "string",
      "certificateId": "string"
    }

Response Body Parameters:

| Name | Type | Req? | Description |
|---|---|---|---|
| certificateArn | CertificateArn | no | The CA certificate ARN. |
| certificateId | CertificateId | no | The CA certificate identifier. |

Errors:

ResourceAlreadyExistsException

The resource already exists.

HTTP response code: 409

RegistrationCodeValidationException

The registration code is invalid.

HTTP response code: 400

InvalidRequestException

The contents of the request were invalid. For example, this code is returned when an UpdateJobExecution request contains invalid status details. The message contains details about the error.

HTTP response code: 400

CertificateValidationException

The certificate is invalid.

HTTP response code: 400

ThrottlingException

The rate exceeds the limit.

HTTP response code: 429

LimitExceededException

The number of attached entities exceeds the limit.

HTTP response code: 410

UnauthorizedException

You are not authorized to perform this operation.

HTTP response code: 401

ServiceUnavailableException

The service is temporarily unavailable.

HTTP response code: 503

InternalFailureException

An unexpected error has occurred.

HTTP response code: 500

CLI

Synopsis:

    aws iot register-ca-certificate \
        --ca-certificate <value> \
        --verification-certificate <value> \
        [--set-as-active | --no-set-as-active] \
        [--allow-auto-registration | --no-allow-auto-registration] \
        [--registration-config <value>] \
        [--cli-input-json <value>] \
        [--generate-cli-skeleton]

cli-input-json format:

    {
      "caCertificate": "string",
      "verificationCertificate": "string",
      "setAsActive": "boolean",
      "allowAutoRegistration": "boolean",
      "registrationConfig": {
        "templateBody": "string",
        "roleArn": "string"
      }
    }

cli-input-json fields:

| Name | Type | Description |
|---|---|---|
| caCertificate | string; length max:65536 min:1 | The CA certificate. |
| verificationCertificate | string; length max:65536 min:1 | The private key verification certificate. |
| setAsActive | boolean | A boolean value that specifies if the CA certificate is set to active. |
| allowAutoRegistration | boolean | Allows this CA certificate to be used for auto registration of device certificates. |
| registrationConfig | RegistrationConfig | Information about the registration configuration. |
| templateBody | string | The template body. |
| roleArn | string; length max:2048 min:20 | The ARN of the role. |
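
As an added example (not part of the AWS documentation and not AWS code), the following Python builds the cli-input-json document described above and checks it against the documented field limits before anything is sent. The function names, the placeholder PEM, the refusal of private-key material, the one-certificate-per-field rule and the inactive, no-auto-registration defaults are assumptions of this example.

```python
import json
import re

# Limits copied from the "cli-input-json fields" table on this page.
PEM_MAX = 65536
ROLE_ARN_MIN, ROLE_ARN_MAX = 20, 2048
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+[A-Za-z0-9+/=\s]+-----END CERTIFICATE-----")
CERT_ID = re.compile(r"(0x)?[a-fA-F0-9]+")
# Constructed placeholder, not a real certificate; it only exercises the checks.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nTUlJQ2R1bW15\n-----END CERTIFICATE-----\n"


def _check_pem(name, pem):
    """Example policy (assumption): exactly one CERTIFICATE block, no key material."""
    if not 1 <= len(pem) <= PEM_MAX:
        raise ValueError(f"{name}: length must be 1..{PEM_MAX}")
    if "PRIVATE KEY-----" in pem:
        raise ValueError(f"{name}: contains a private key, refusing to send it")
    if len(CERT_BLOCK.findall(pem)) != 1:
        raise ValueError(f"{name}: expected exactly one CERTIFICATE block")
    return pem


def build_cli_input(ca_pem, verification_pem, set_as_active=False,
                    allow_auto_registration=False, registration_config=None):
    """Return JSON text for `aws iot register-ca-certificate --cli-input-json`."""
    doc = {
        "caCertificate": _check_pem("caCertificate", ca_pem),
        "verificationCertificate": _check_pem("verificationCertificate",
                                              verification_pem),
        "setAsActive": bool(set_as_active),  # real JSON booleans, not strings
        "allowAutoRegistration": bool(allow_auto_registration),
    }
    if registration_config is not None:
        role = registration_config["roleArn"]
        if not ROLE_ARN_MIN <= len(role) <= ROLE_ARN_MAX:
            raise ValueError("roleArn: length must be 20..2048")
        doc["registrationConfig"] = {
            "templateBody": registration_config["templateBody"], "roleArn": role}
    return json.dumps(doc, indent=2)  # json.dumps escapes the PEM newlines as \n


def valid_certificate_id(value):
    """Check a returned certificateId against the documented length and pattern."""
    return len(value) == 64 and CERT_ID.fullmatch(value) is not None


if __name__ == "__main__":
    print(build_cli_input(SAMPLE_PEM, SAMPLE_PEM))
```

Write the returned text to a file and pass it to the CLI as `--cli-input-json file://<path>`.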

Output:

    {
      "certificateArn": "string",
      "certificateId": "string"
    }

cli output fields:

| Name | Type | Description |
|---|---|---|
| certificateArn | string | The CA certificate ARN. |
| certificateId | string; length max:64 min:64; pattern: (0x)?[a-fA-F0-9]+ | The CA certificate identifier. |
