8.6 Setting Up the Greengrass Certificate
The public key from the ECC608
device:
# p11tool --export-pubkey --provider /usr/lib/libcryptoauth.so "pkcs11:token=0123EE;object=device;type=private"
The Greengrass instance should already be set up. In order to use the
hardware keys rather than the AWS provided keys, generate a Certificate Signed Request
(CSR) using
openssl:
#openssl req -engine pkcs11 -key "pkcs11:token=0123EE;object=device;type=private" -keyform engine -new -out new_device.csr -subj "/CN=NEW CSR EXAMPLE
To verify the CSR was created correctly: