I have downloaded the arduino-fwuploader on my Mac and also use the Arduino ide 2.3.5
After searching the web for a while it seems the Internet refers to 2 different arduino-fwuploader tools.
One of them has a more direct way to upload certificates to the Arduino Nano iot 33. It uses flags like -cert, -private and -ca, (Those are not exact wording because I cannot find this version of the tool). The other version uses flags like arduino-fwuploader certificate flash -a -b -file ....
From my understanding when connecting to AWS IOT core all 3 of those crt files should be uploaded to the Nano, but I cannot figure out how to do that with the version of the tool I have.
Has anyone successfully connected Arduino Nano Iot 33 to AWS using SSL and MQTT? If so, how did you get the certificates (i think only 1 is need on the board) on the board?
I am using
SSLClient.h and WiFiNANO.h and ArduinoMQTTClient.
Please provide a link to where you found that information in a reply on this forum topic. That might provide the forum helpers with the context we need to understand what that tool is.
You can pass multiple certificate file paths to the arduino-fwuploader certificate flash --file command in a comma-separated list.
I am not sure a link to the tool is necessary, If you have used the tool in the past you would understand the tool. The name of the tool, as you have stated is arduino-fwuploader and I also mentioned in my post. I appreciate, for I did not know, you can pas multiple files to the --file flag. That helps.
But this really doesn't answer the question in the post. "Has anyone successfully connected Arduino Nano Iot 33 to AWS using SSL and MQTT? If so, how did you get the certificates (i think only 1 is need on the board) on the board?"
Quick question: has anyone tried uploading a single PEM file containing all three certificates with arduino-fwuploader certificate flash --file to the Nano 33 IoT, and did it work for AWS IoT Core?
Only one of those is of the type expected by the fwuploader: a CA root cert
CA certs are used by the Arduino to verify the identity of servers. This would include the widely available AmazonRootCA1.pem for the AWS IoT broker at <random>.iot.<region>.amazonaws.com
The other two PEM files are issued by AWS. Actually lately, they issue three files. It's easy to tell, since the first and last lines "fence" the Base64-encoded DER content
-----BEGIN CERTIFICATE----- issued by OU=Amazon Web Services itself, so that it can verify the Arduino's identity. This is mutual TLS.
-----BEGIN RSA PRIVATE KEY----- is the other half of the key pair. When AWS IoT generates the key pair, you get one chance to download it. From that point on, you're (supposed to be) the only one that has the private key to do the asymmetric encryption for TLS
and lately(?), -----BEGIN PUBLIC KEY----- which you can extract from the certificate if you really need it. Maybe there is some workflow where this saves a step? But not much interest here
Don't you think it would be better to provide the people who are trying to provide assistance with the information they request?
I have used the official arduino-fwuploader tool quite a lot, and am peripherally involved in its development, documentation, and maintenance.
You seem to feel that the alternative tool you learned about is significant in some way, but you have only provided the most vague of information about it. There is a good chance that I or one of the other forum helpers could identify that alternative tool if we only had more information than what you have deigned to trickle down to us.