by Saheblal Bagwan | March 23, 2021
    We will go over the ways to install certificates on the ESP32 and tell you which one we recommend to our clients.

    ESP32 downloads certificates from the cloud

    We rule this option out due to the following drawbacks:

    1. File handling with limited ESP32 resources is tedious
    2. Takes up valuable flash space which could be used by the application firmware.
    3. Straight off the production line, connecting every device to Wi-Fi is time-consuming.

    Mobile App provisions the device on first use

    The approach

    1. The device advertises over BLE
    2. The mobile app connects to the device
    3. The app downloads and installs the certificates
    4. The app also configures the Wi-Fi credentials and connects the device to AWS IoT

    Pros
    For a consumer-facing product with an accompanying mobile app, this is a very good choice for the following reasons.

    1. Integrating AWS IoT device provisioning workflows into a mobile app is relatively easy.
    2. The first use of the device by the end user can be authenticated via the mobile app
    3. Other product configuration or customization can be done along with the provisioning process
    4. Makes product deployments across geographies easier.

    Cons

    1. App development requires additional BLE integration work

    Assembly line provisioning

    Approach

    Build a manufacturing support tool (MST) that runs on a computer. It works as follows.

    1. The MST integrates the AWS IoT provisioning APIs
    2. The MST connects to the internet, downloads the certificates and flashes them to the device via USB or serial port

    Pros:

    1. Improves the end-user experience by requiring the fewest steps
    2. Provisioning happens straight out of the production line

    Cons:

    1. Security at the assembly line is important, and the MST should ensure it.
    2. The device will need an internet connection on the assembly line.
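
    The MST flow above, as an added example (not the author's tool): it assumes a boto3 `iot` client is passed in, an IoT policy that already exists, and that the credentials are stored in an ESP-IDF NVS partition. The namespace and key names `certs`, `client_cert` and `client_key` are made up for illustration.

```python
import csv
import os

def write_private(path, text):
    """Create `path` readable by the owner only; fail if it already exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)

def provision_device(iot, thing_name, policy_name, out_dir):
    """Register one device and stage its credentials for flashing.

    `iot` is a boto3 "iot" client, or any object with the same four methods.
    Returns (certificate_id, path_to_nvs_csv); the private key is never
    returned, so the caller can log the result without leaking it.
    """
    resp = iot.create_keys_and_certificate(setAsActive=True)
    arn = resp["certificateArn"]
    iot.create_thing(thingName=thing_name)
    iot.attach_policy(policyName=policy_name, target=arn)
    iot.attach_thing_principal(thingName=thing_name, principal=arn)

    cert_path = os.path.join(out_dir, "client.crt")
    key_path = os.path.join(out_dir, "client.key")
    write_private(cert_path, resp["certificatePem"])
    write_private(key_path, resp["keyPair"]["PrivateKey"])

    # CSV in the layout ESP-IDF's NVS partition generator reads.
    # Namespace and key names are assumptions of this example.
    csv_path = os.path.join(out_dir, "certs.csv")
    with open(csv_path, "w", newline="") as f:
        csv.writer(f).writerows([
            ["key", "type", "encoding", "value"],
            ["certs", "namespace", "", ""],
            ["client_cert", "file", "string", cert_path],
            ["client_key", "file", "string", key_path],
        ])
    return resp["certificateId"], csv_path

def scrub(out_dir):
    """Delete staged key material once the device has been flashed."""
    for name in ("client.key", "client.crt", "certs.csv"):
        path = os.path.join(out_dir, name)
        if os.path.exists(path):
            os.remove(path)
```

    Use a fresh `out_dir` per device, and call `scrub()` after flashing so the private key does not linger on the assembly-line computer.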

    The accompanying mobile app is the solution that we recommend. How are you accomplishing ESP32 AWS IoT provisioning?