Register a client certificate - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Register a client certificate

Client certificates must be registered with Amazon IoT to enable communications between the client and Amazon IoT. You can register each client certificate manually, or you can configure the client certificates to register automatically when the client connects to Amazon IoT for the first time.

If you want your clients and devices to register their client certificates when they first connect, you must Register your CA certificate used to sign the client certificate with Amazon IoT in the Regions in which you want to use it. The Amazon Root CA is automatically registered with Amazon IoT.

Client certificates can be shared by Amazon Web Services accounts and Regions. The procedures in these topics must be performed in each account and Region in which you want to use the client certificate. The registration of a client certificate in one account or Region is not automatically recognized by another.


Clients that use the Transport Layer Security (TLS) protocol to connect to Amazon IoT must support the Server Name Indication (SNI) extension to TLS. For more information, see Transport security in Amazon IoT Core.