Install the certificates
Place the downloaded certificates into a folder with a name to match your Thing's name or the 10-character ID used in the filenames that correspond to the start of the certificate's ID shown in the AWS IoT console.
To simplify file management on the XBee device and to allow re-use of the same code on multiple devices, give the files shorter names.
Original name |
New name |
---|---|
9770fec281-certificate.pem.crt |
aws.crt |
9770fec281-private.pem.key |
aws.key |
9770fec281-public.pem.key |
(unused) |
SFSRootCAG2.pem |
aws.ca |
Use XCTU or ATFS commands in a terminal emulator to upload the three files to the cert/ directory on the XBee device. For security, use ATFS XPUT to upload the aws.key as a secure file. We recommend using the Starfield Services Root Certificate from amazontrust.com/repository/ as the intermediate CA certificates provided by Amazon do not work on some cellular modules. Note the Verisign certificate is now considered legacy by Amazon.
Many of the intermediate root certificate authorities on the AWS repository (amazontrust.com/repository/) do not work with the TLS implementation on the XBee Cellular Modems. To ensure that you have success, you need to use a specifc Starfield Technologies Root Certificate Authority depending on which XBee you are using.
If you are using one of the CAT 1 XBee Cellular devices, use the Starfield Class 2 Certification Authority Root Certificate instead of the ones recommended by Amazon. If you are using the LTE-M/NB-IoT or 3G devices, you need to use the Starfield Services Root Certificate Authority certificate. Note that the Amazon certificates are in the trust chain of these two certificates. It has the following SHA-256 thumbprint and can be obtained from Starfield Technologies.
XBee 3 Cellular Cat 1 AT&T | Starfield Class 2 Certification Authority Root Certificate | sf-class2-root.crt (PEM) | 1465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658 |
XBee 3 Cellular Cat 1 AT&T | |||
XBee Cellular Cat 1 Verizon | |||
LTE-M/3G products | Starfield Services Root Certificate Authority - G2 | PEM | 2b071c59a0a0ae76b0eadb2bad23bad4580b69c3601b630c2eaf0613afa83f92 |