Commissioning controllers without JITP

The following minimum configuration is necessary to commission a network of controllers without JITP.
NOTE: *In 2022 it became possible to communicate with AWS IoT over MQTT without a pre-registered CA certificate; however, we recommend using trusted certificates for security purposes.
Perform the following steps:
  1. Set up an IAM user.
  2. Create an AWS IoT policy for your devices.
  3. Attach various allowed actions and roles to the policy.
  4. Obtain a CA certificate.*
  5. In the AWS console or command line, obtain a verification code.*
  6. Generate a verification certificate with the verification code as the Common Name.*
  7. Sign the verification certificate with the CA certificate.*
  8. Upload CA certificate and verification certificate.*
  9. Activate certificates.*

Repeat the following steps for each device:

  1. Install the MQTT network and device in your station.
  2. Create a Thing to represent the device in AWS.
  3. Associate IoT policy with the Thing.
  4. Generate a device-specific client certificate.
  5. Sign the device certificate with the CA certificate.
  6. Upload the device certificate to AWS and activate.
  7. Associate certificate with the Thing.
  8. Combine CA certificate, device certificate, and key into a .pem file.
  9. Upload the .pem file to the Niagara platform certificate manager.
  10. Set the alias of the imported certificate on the MQTT device authenticator.
  11. Connect.

Prior to device certificate expiration, it is necessary to repeat these steps for each device.
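
The local OpenSSL side of both lists (CA certificate, verification certificate with the code as Common Name, device certificate, combined .pem), shown as an added example that is not part of the original page or of any vendor tooling. It goes slightly beyond the steps by verifying the chain and checking remaining validity ahead of renewal. Assumptions: the verification code is a constructed placeholder, and the file names, Thing name, certificate lifetimes and the order of items in the bundle are illustrative.

```bash
#!/usr/bin/env bash
# Added example: local OpenSSL steps only. Names, lifetimes and bundle order are assumptions.
set -eu
umask 077                                   # keys and the bundle stay owner-only
WORK=$(mktemp -d)
REG_CODE="constructed-registration-code"    # placeholder for the code from step 5
DEVICE="controller-01"                      # hypothetical Thing name

# Minimal config so the CA certificate carries CA:TRUE on any OpenSSL version.
cat > "$WORK/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# Self-signed CA certificate (first list, step 4).
make_ca() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$WORK/ca.key" -config "$WORK/openssl.cnf" \
    -sha256 -days 3650 -out "$WORK/ca.crt"
}

# Key + CSR with Common Name $2, signed by the CA for $3 days; files named $1.*
issue_cert() {
  openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/$1.key" -config "$WORK/openssl.cnf" \
    -subj "/CN=$2" -out "$WORK/$1.csr"
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -sha256 -days "$3" -out "$WORK/$1.crt" 2>/dev/null
}

# Print the Common Name of certificate $1.
cert_cn() { openssl x509 -in "$WORK/$1.crt" -noout -subject | sed 's/.*CN *= *//'; }
# Succeed only if certificate $1 is still valid $2 days from now (renewal check).
valid_for_days() { openssl x509 -in "$WORK/$1.crt" -noout -checkend $(( $2 * 86400 )) >/dev/null; }

make_ca
issue_cert verification "$REG_CODE" 30      # first list, steps 6-7
issue_cert "$DEVICE" "$DEVICE" 365          # per-device list, steps 4-5
openssl verify -CAfile "$WORK/ca.crt" "$WORK/$DEVICE.crt" >/dev/null
# Per-device step 8: one .pem holding device certificate, CA certificate and key.
cat "$WORK/$DEVICE.crt" "$WORK/ca.crt" "$WORK/$DEVICE.key" > "$WORK/$DEVICE.pem"
echo "bundle: $WORK/$DEVICE.pem"
```

The bundle contains the device private key, so keep the scratch directory off shared storage and delete it once the .pem has been imported into the platform certificate manager.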