Create a CA certificate - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Create a CA certificate

If you do not have a CA certificate, you can use OpenSSL v1.1.1i tools to create one.


You can't perform this procedure in the Amazon IoT console.

To create a CA certificate using OpenSSL v1.1.1i tools

  1. Generate a key pair.

    openssl genrsa -out root_CA_key_filename.key 2048
  2. Use the private key from the key pair to generate a CA certificate.

    openssl req -x509 -new -nodes \ -key root_CA_key_filename.key \ -sha256 -days 1024 \ -out root_CA_cert_filename.pem