8.6 Setting Up the Greengrass Certificate

The public key from the ECC608 device:

# p11tool --export-pubkey --provider /usr/lib/libcryptoauth.so
"pkcs11:token=0123EE;object=device;type=private"

The Greengrass instance should already be set up. In order to use the hardware keys rather than the AWS provided keys, generate a Certificate Signed Request (CSR) using openssl:

 #openssl req -engine pkcs11 -key "pkcs11:token=0123EE;object=device;type=private" -keyform engine -new -out new_device.csr -subj "/CN=NEW CSR EXAMPLE

To verify the CSR was created correctly: