I’m trying to get an application running in Amazon FreeRTOS that uses the just-in-time provisioning mechanism to allow provisioning of a fleet of devices.
Hello @jpfaguirre, regarding your second question, please ensure that you’re setting keyCLIENT_CERTIFICATE_PEM, keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM, and keyCLIENT_PRIVATE_KEY_PEM in aws_clientcredential_keys.h.
Referencing https://aws.amazon.com/blogs/iot/setting-up-just-in-time-provisioning-with-aws-iot-core/, keyCLIENT_CERTIFICATE_PEM should be defined to the contents of deviceCert.crt (encoded as PEM); keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM should be defined to the contents of rootCA.pem; and keyCLIENT_PRIVATE_KEY_PEM should be defined to the contents of deviceCert.key (encoded as PEM).
More generally, keep in mind that the device only needs to include the JIT issuer certificate on the first connection attempt. Once the device certificate has been successfully registered as a result of that, the device can stop sending the issuer cert in its TLS connection requests. However, it’s fine to keep sending it anyway. Also, on that first connection attempt, even when registration is successful, the AWS IoT MQTT gateway will disconnect the TCP connection. Therefore, the device app must be programmed in such a way as to anticipate that and reconnect.
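The first-connection behaviour described in the reply above (issuer cert required for registration, TCP connection dropped after a successful registration, reconnect expected, issuer cert optional afterwards) as an added, self-contained C sketch; this is not Amazon FreeRTOS code or the AWS IoT gateway. The `gateway_connect` function is a constructed stand-in for the gateway, the PEM macros hold placeholder strings rather than real certificates, and `jitp_connect` is a hypothetical device-side helper showing the retry logic an app needs.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Placeholders standing in for the values in aws_clientcredential_keys.h
 * (constructed, not real certificates). keyCLIENT_PRIVATE_KEY_PEM is omitted
 * because the simulated gateway never looks at it. */
#define keyCLIENT_CERTIFICATE_PEM \
    "-----BEGIN CERTIFICATE-----\nDEVICE-CERT-PLACEHOLDER\n-----END CERTIFICATE-----\n"
#define keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM \
    "-----BEGIN CERTIFICATE-----\nJITR-CA-PLACEHOLDER\n-----END CERTIFICATE-----\n"

typedef enum { GW_DROPPED_AFTER_REGISTRATION, GW_CONNECTED, GW_REJECTED } gw_result_t;

/* Simulated gateway state: whether this device cert is already registered. */
static bool s_cert_registered = false;
void gateway_reset(void) { s_cert_registered = false; }

/* Simulated gateway (hypothetical): an unregistered cert is registered only if
 * the issuer (JITR CA) cert is in the chain, and that first TCP connection is
 * then dropped; any later connection with the registered cert succeeds. */
static gw_result_t gateway_connect(const char *chain)
{
    bool has_ca = strstr(chain, keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM) != NULL;
    if (!s_cert_registered) {
        if (!has_ca) return GW_REJECTED;   /* JITP cannot run without the issuer cert */
        s_cert_registered = true;
        return GW_DROPPED_AFTER_REGISTRATION;
    }
    return GW_CONNECTED;
}

/* Device side (hypothetical helper): build the chain, optionally appending the
 * issuer cert, and retry because the first connect is expected to be dropped.
 * Returns the attempt number that connected, or -1 on rejection/exhaustion. */
int jitp_connect(bool include_ca, int max_attempts)
{
    static char chain[sizeof(keyCLIENT_CERTIFICATE_PEM) +
                      sizeof(keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM)];
    snprintf(chain, sizeof chain, "%s%s", keyCLIENT_CERTIFICATE_PEM,
             include_ca ? keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM : "");
    for (int attempt = 1; attempt <= max_attempts; attempt++) {
        gw_result_t r = gateway_connect(chain);
        if (r == GW_CONNECTED) return attempt;
        if (r == GW_REJECTED) return -1;
        /* GW_DROPPED_AFTER_REGISTRATION: expected on the first connect, so loop and reconnect */
    }
    return -1;
}
```

Calling `jitp_connect(true, 3)` on a fresh device connects on attempt 2; once registered, `jitp_connect(false, 3)` connects on attempt 1 because the issuer cert is no longer needed.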