8.6.2 Edit the config.json file to Use the pkcs11 Provider

This section repeats information that is also provided in the AWS documentation.

The final step is to modify the /greengrass/config/config.json file to inform Greengrass of the pkcs11 provider.

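First, remove the caPath, certPath, and keyPath properties from the coreThing object. The snippet below shows the three properties to delete; their role is taken over by the crypto object shown in the next example.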

{
 "coreThing" : {
 "caPath": "root-ca-pem",
 "certPath": "cloud-pem-crt",
 "keyPath": "cloud-pem-key",
 ...
 },
 ...
}

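If using p11-kit, add a crypto object that points Greengrass at the p11-kit proxy module, as in the example below. The slot label, PIN, certificate file name, thing ARN and endpoints shown are sample values and must be replaced with the values for your own device and account.

Three points to check when adapting the example:

- slotUserPin is stored in config.json in clear text, so the file should be readable only by the account that runs the Greengrass daemon.
- The token named in the privateKeyPath URI would normally be the same token that slotLabel identifies. The sample values differ (0123301 and 012301), so verify both against the label your token actually reports.
- A comma is required after the thingArn value for the file to parse as JSON.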

{
  "crypto": {
          "caPath": "file:///greengrass/certs/root.ca.pem",
          "PKCS11": {
                  "OpenSSLEngine": "/usr/lib/engines-1.1/pkcs11.so",
                  "P11Provider": "/usr/lib/p11-kit-proxy.so",
                  "slotLabel": "0123301",
                  "slotUserPin": "00112233445566778899AABBCCDDEEFF00112233445566778899AABBCCDDEEFF"
          },
          "principals": {
                  "IoTCertificate": {
                          "privateKeyPath": "pkcs11:token=012301;object=device;type=private",
                          "certificatePath": "file:///greengrass/certs/1cc2e5fa99-certificate.pem.crt"
                  }
          }
  },
  "coreThing" : {
    "thingArn" : "arn:aws:iot:eu-central-1:96949751109:thing/sam5d2_group6_Corre"
    "iotHost" :  "a2lp13dce8v5g3-ats.iot.eu-central-1.amazonaws.com",
    "ggHost" : "greengrass-ats.iot.eu-central-1.amazonaws.com",
    "keepAlive" : 600
  },
  "runtime" : {
    "cgroup" : {
      "useSystemd" : "no"
    }
  },
  "managedRespawn" : false
}