Today, AWS IoT Core—a managed service that connects billions of Internet of Things (IoT) devices to AWS—announces the capability of using your own Certificate Authority (CA) certificates when provisioning fleets with AWS IoT Core. Using AWS IoT Core, you can provision your devices with various techniques, such as just-in-time provisioning, just-in-time registration, and fleet provisioning, where each technique serves a dedicated purpose. For example, with fleet provisioning, you can generate and securely deliver X.509 client certificates to your devices when they connect to AWS for the first time. The updated fleet provisioning capability enables you to issue and customize X.509 client certificates using CAs hosted on popular CA services, such as AWS Private CA, external CAs, or your own public key infrastructure (PKI).
With the new capability, you have more control over the CA certificate when using fleet provisioning, so that you can meet your organization’s specific security requirements, such as controlling the source of credentials and ensuring the credentials’ authenticity. Additionally, you can customize your security certificates’ signing algorithms, validity periods, and other attributes to improve the security posture of your IoT solution.