Creating a code-signing certificate for the Nordic nrf52840-dk
Important
This reference integration is hosted on the Amazon-FreeRTOS repository which is deprecated. We recommend that you start here when you create a new project. If you already have an existing FreeRTOS project based on the now deprecated Amazon-FreeRTOS repository, see the Amazon-FreeRTOS Github Repository Migration Guide.
The Nordic nrf52840-dk supports a self-signed SHA256 with ECDSA code-signing certificate.
Note
To create a code signing certificate, install OpenSSL and make sure that openssl is assigned to the OpenSSL executable in your command prompt or terminal environment.
Use the Amazon Command Line Interface to import your code-signing certificate, private key, and certificate chain into Amazon Certificate Manager. For information about installing the Amazon CLI, see Installing the Amazon CLI.
-
In your working directory, use the following text to create a file named cert_config.txt. Replace test_signer@amazon.com with your email address:
[ req ]
prompt = no
distinguished_name = my_dn

[ my_dn ]
commonName = test_signer@amazon.com

[ my_exts ]
keyUsage = digitalSignature
extendedKeyUsage = codeSigning
-
Create an ECDSA code-signing private key:
openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -pkeyopt ec_param_enc:named_curve -outform PEM -out ecdsasigner.key
-
Create an ECDSA code-signing certificate:
openssl req -new -x509 -config cert_config.txt -extensions my_exts -nodes -days 365 -key ecdsasigner.key -out ecdsasigner.crt
-
Import the code-signing certificate, private key, and certificate chain into Amazon Certificate Manager:
aws acm import-certificate --certificate fileb://ecdsasigner.crt --private-key fileb://ecdsasigner.key
This command displays an ARN for your certificate. You need this ARN when you create an OTA update job.
Note
This step is written with the assumption that you are going to use Code Signing for Amazon IoT to sign your firmware images. Although the use of Code Signing for Amazon IoT is recommended, you can sign your firmware images manually.
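Before running the import step, you can confirm that ecdsasigner.crt and ecdsasigner.key have the properties this page calls for. The following check is an added example, not part of the original documentation; the script name check_signer.sh and the function name verify_signer_cert are assumptions, and the check relies on the text that openssl x509 -text prints.

```shell
#!/bin/sh
# Added example: pre-import checks for the signer certificate created above.
# Usage: sh check_signer.sh ecdsasigner.crt ecdsasigner.key
# (check_signer.sh and verify_signer_cert are names chosen for this example.)

verify_signer_cert() {
    crt=$1; key=$2
    text=$(openssl x509 -in "$crt" -noout -text) || { echo "cannot parse $crt" >&2; return 1; }
    rc=0
    # need <failure message> <fixed string expected in the certificate text>
    need() {
        printf '%s\n' "$text" | grep -qF -- "$2" || { echo "FAIL: $1" >&2; rc=1; }
    }
    need "signature is not SHA256 with ECDSA"  "Signature Algorithm: ecdsa-with-SHA256"
    need "key is not on the P-256 named curve" "ASN1 OID: prime256v1"
    need "keyUsage lacks digitalSignature"     "Digital Signature"
    need "extendedKeyUsage lacks codeSigning"  "Code Signing"

    # The certificate must not already be expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired" >&2; rc=1; }

    # The private key must be the one the certificate was issued for:
    # compare the public key in the certificate with the one derived from the key file.
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; rc=1; }
    return $rc
}

# Run the check when the script is given a certificate and a key file.
if [ $# -eq 2 ]; then verify_signer_cert "$1" "$2"; fi
```

A certificate created without -extensions my_exts fails the two key-usage checks, which is the most common mistake in this procedure.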