如何更新AWS IoT中的事物证书？

Question

How do I update the certificate of an existing Thing in AWS IoT, assuming I know the thing name and an attribute with the same value? Ie the thing has name "foo" and attribute "id=foo" .

From the limited documentation, I'm assuming I do something like:

• Register the replacement certificate ( RegisterCertificate )
• Find the existing thing ( ListThings , filtered by attribute)
• Attach the new certificate to the Thing ( AttachThingPrincipal ?)

• Somehow find the old certificate (is there no better way than ListCertificates and paging)??

• Update the old certificate to be INACTIVE ( UpdateCertificate )

Can anyone confirm the correct, most succinct way to do this?

Answer 1

I welcome better solutions, but this worked for me:

1. Call RegisterThing again (same ThingName, same policy, different cert). This seems to attach a new certificate to my thing.
2. Called ListThingPrincipals , filtering on ThingName. The result will be a list of ARNs representing the certificates associated with the thing, of the form arn:aws:iot:<region>:<account id>:cert/<cert id> .
3. Iterative through the list, strip out the certificate id and call DescribeCertificate , with the certificate id as parameter.
4. Compare the result (which includes the PEM form of the certificate) with the new certificate. If it's not a match, this is one of the previous certificates. Consequently, call UpdateCertificate and mark that certificate as INACTIVE .