Export to Amazon Web Services - IoT Core.
Configuration
This integration can be configured on the Export Configs tab on each Service Provider in the LoRaWAN Portal.
For AWS IoT these fields can be configured:
To securely connect a device or gateway to AWS IoT Core, the following three credentials are required for mutual TLS authentication:
1. Certificate
This is the public certificate associated with your device. It proves the identity of the device to AWS IoT Core.
Format: .pem or .crt
Purpose: Sent to AWS IoT during the TLS handshake.
Issued by: AWS IoT when you create or register a new device certificate.
2. Key
This is the private key associated with the certificate above.
Format: .key or .pem
Purpose: Used to sign data during the TLS handshake to prove ownership of the certificate.
Security Tip: This must be kept secure and never shared or exposed publicly.
3. Certificate Authority (CA)
This is the root certificate used to verify that the client certificate was issued by a trusted authority.
Format: .pem file containing the CA certificate.
Purpose: Lets the client validate the AWS IoT server's identity (AWS IoT uses Amazon Root CA).
Commonly: You use Amazon Root CA 1, which is downloadable from AWS IoT Docs.
Keystore
AWS IoT Core will provide you with a bundle containing a client certificate and private key. These need to be converted into a keystore before uploading into the configuration.
One way to do this is to use the following commands.
# bundle the client certificate and private key into a temporary PKCS#12 file
openssl pkcs12 -export -in <certificate-file> -inkey <private-key-file> -out tmp.pkcs -name alias
# type in the export password
# import the PKCS#12 entry into the keystore that will be uploaded
keytool -importkeystore -srckeystore tmp.pkcs -srcstoretype PKCS12 -srcstorepass <export-password> -alias alias -deststorepass <keystore-password> -destkeystore my.keystore
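A hardened variant of the conversion above, as an added example that is not part of the original documentation: it checks that the certificate and private key belong together and that the key file is not accessible to other users, then builds the keystore with passwords read from environment variables instead of command-line arguments. The function names and the EXPORT_PASS and KEYSTORE_PASS variable names are assumptions, and the private key is assumed to be an unencrypted PEM file.

```shell
#!/bin/sh
# Added example. Function names and the EXPORT_PASS / KEYSTORE_PASS
# environment variable names are assumptions, not portal or AWS names.

# Succeeds only if the certificate's public key is the one derived from
# the private key (assumes an unencrypted PEM key).
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the key file grants no permissions to group or others.
key_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# usage: build_keystore <certificate-file> <private-key-file> <keystore>
build_keystore() {
    cert_matches_key "$1" "$2" ||
        { echo "certificate and private key do not match" >&2; return 1; }
    key_is_private "$2" ||
        { echo "private key is accessible to group or others" >&2; return 1; }
    tmp=$(mktemp) || return 1          # created with mode 0600
    # Passwords are read from the environment, not from the command line.
    if openssl pkcs12 -export -in "$1" -inkey "$2" -out "$tmp" \
           -name alias -passout env:EXPORT_PASS &&
       keytool -importkeystore -srckeystore "$tmp" -srcstoretype PKCS12 \
           -srcstorepass:env EXPORT_PASS -alias alias \
           -deststorepass:env KEYSTORE_PASS -destkeystore "$3"
    then rc=0; else rc=1; fi
    rm -f "$tmp"                       # it contains the private key
    return "$rc"
}
```

Export EXPORT_PASS and KEYSTORE_PASS in the calling shell before running build_keystore, and unset them afterwards.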