8.6.2 Edit the config.json file to Use the pkcs11 Provider
This section duplicates the information provided in AWS documentation.
The final step is to modify the
/greengrass/config/config.json
file to inform Greengrass of the pkcs11
provider.
First, remove the caPath, certPath
, and
keyPath
properties from the coreThing
object.
{ "coreThing" : { "caPath": "root-ca-pem", "certPath": "cloud-pem-crt", "keyPath": "cloud-pem-key", ... }, ... }
If using p11-kit:
{ "crypto": { "caPath": "file:///greengrass/certs/root.ca.pem", "PKCS11": { "OpenSSLEngine": "/usr/lib/engines-1.1/pkcs11.so", "P11Provider": "/usr/lib/p11-kit-proxy.so", "slotLabel": "0123301", "slotUserPin": "00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF" }, "principals": { "IoTCertificate": { "privateKeyPath": "pkcs11:token=012301;object=device;type=private", "certificatePath": "file:///greengrass/certs/1cc2e5fa99-certificate.pem.crt" } } }, "coreThing" : { "thingArn" : "arn:aws:iot:eu-central-1:96949751109:thing/sam5d2_group6_Corre" "iotHost" : "a2lp13dce8v5g3-ats.iot.eu-central-1.amazonaws.com", "ggHost" : "greengrass-ats.iot.eu-central-1.amazonaws.com", "keepAlive" : 600 }, "runtime" : { "cgroup" : { "useSystemd" : "no" } }, "managedRespawn" : false }