Manage your CA certificates

This section describes common tasks for managing your own certificate authority (CA) certificates.

You might need to register your certificate authority (CA) with AWS IoT if you are using client certificates signed by a CA that AWS IoT doesn't recognize.

If you want clients to automatically register their client certificates with AWS IoT when they first connect, the CA that signed the client certificates must be registered with AWS IoT. Otherwise, you don't need to register the CA certificate that signed the client certificates.

Note

A CA certificate can be registered in DEFAULT mode by only one account in a Region. A CA certificate can be registered in SNI_ONLY mode by multiple accounts in a Region.

Create a CA certificate, if you need one.

Create the certificate and key files that you need for the next step.
Register your CA certificate

Register your CA certificate with AWS IoT
Deactivate a CA certificate

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Create your own client certificates

Create a CA certificate

Manage your CA certificates

Create a CA certificate, if you need one.

Register your CA certificate