1
votes

I use Just-in-Time Registration of Device Certificates on AWS IoT. When the device certificate is registered, the lambda is started. Lambda uses a certificate id to create the name of the thing. For example: THING_66b9071648978494bec3cc2254362f4e9513bd886fb3f57ad9ee3ec9be0db931.

I need to know how AWS IoT generates a certificate id so that I can dynamically subscribe to the MQTT topics. For example topic: $aws/things/THING_66b9071648978494bec3cc2254362f4e9513bd886fb3f57ad9ee3ec9be0db931/shadow/update

1
It's not clear to me what you are asking but (from what I have seen) the certificate id is the SHA256 hash of the certificate. - Ben T

1 Answer

5
votes

AWS IoT uses the SHA-256 hash of a device certificate in the binary DER format (not in the PEM textual format) to determine its certificateId.

A good way to retrieve the hash of an X.509 certificate using the SHA-256 hashing algorithm is to use the openssl command-line tool.

openssl x509 -noout -fingerprint -sha256 -in certificate.crt
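Added example, not part of the original answer: the DER-based hash described above computed in Python, together with a conversion of the colon-separated uppercase fingerprint that openssl prints into the lowercase hex form seen in the question's thing name. The function names and the placeholder sample bytes are assumptions made for illustration; the `THING_` prefix and the shadow topic come from the question.

```python
import base64
import hashlib
import re

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the first certificate block in a PEM file."""
    match = _PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def certificate_id_from_pem(pem_text: str) -> str:
    """SHA-256 over the DER encoding, as 64 lowercase hex characters."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()


def certificate_id_from_fingerprint(openssl_line: str) -> str:
    """Convert `openssl x509 -fingerprint -sha256` output to the same form."""
    hex_part = openssl_line.strip().rpartition("=")[2]
    cert_id = hex_part.replace(":", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cert_id):
        raise ValueError("not a SHA-256 fingerprint")
    return cert_id


def shadow_update_topic(cert_id: str, prefix: str = "THING_") -> str:
    """Topic for the thing-naming scheme used in the question."""
    return f"$aws/things/{prefix}{cert_id}/shadow/update"


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode("ascii")
    + "-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    cert_id = certificate_id_from_pem(SAMPLE_PEM)
    print(shadow_update_topic(cert_id))
    # Hashing the PEM text instead of the DER bytes gives a different value.
    print(hashlib.sha256(SAMPLE_PEM.encode()).hexdigest() != cert_id)
```

Only the first certificate block is hashed, so a file that concatenates the device certificate with its CA certificate still yields the device certificate's value.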