IoT / Client / register_ca_certificate



Registers a CA certificate with Amazon Web Services IoT Core. There is no limit to the number of CA certificates you can register in your Amazon Web Services account. You can register up to 10 CA certificates with the same CA subject field per Amazon Web Services account.

Requires permission to access the RegisterCACertificate action.

See also: AWS API Documentation

Request Syntax

response = client.register_ca_certificate(
        'templateBody': 'string',
        'roleArn': 'string',
        'templateName': 'string'
            'Key': 'string',
            'Value': 'string'
  • caCertificate (string) –


    The CA certificate.

  • verificationCertificate (string) – The private key verification certificate. If certificateMode is SNI_ONLY, the verificationCertificate field must be empty. If certificateMode is DEFAULT or not provided, the verificationCertificate field must not be empty.

  • setAsActive (boolean) –

    A boolean value that specifies if the CA certificate is set to active.

    Valid values: ACTIVE | INACTIVE

  • allowAutoRegistration (boolean) – Allows this CA certificate to be used for auto registration of device certificates.

  • registrationConfig (dict) –

    Information about the registration configuration.

    • templateBody (string) –

      The template body.

    • roleArn (string) –

      The ARN of the role.

    • templateName (string) –

      The name of the provisioning template.

  • tags (list) –

    Metadata which can be used to manage the CA certificate.


    For URI Request parameters use format: …key1=value1&key2=value2…

    For the CLI command-line parameter use format: &&tags “key1=value1&key2=value2…”

    For the cli-input-json file use format: “tags”: “key1=value1&key2=value2…”

    • (dict) –

      A set of key/value pairs that are used to manage the resource.

      • Key (string) – [REQUIRED]

        The tag’s key.

      • Value (string) –

        The tag’s value.

  • certificateMode (string) – Describes the certificate mode in which the Certificate Authority (CA) will be registered. If the verificationCertificate field is not provided, set certificateMode to be SNI_ONLY. If the verificationCertificate field is provided, set certificateMode to be DEFAULT. When certificateMode is not provided, it defaults to DEFAULT. All the device certificates that are registered using this CA will be registered in the same certificate mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

Return type:



Response Syntax

    'certificateArn': 'string',
    'certificateId': 'string'

Response Structure

  • (dict) –

    The output from the RegisterCACertificateResponse operation.

    • certificateArn (string) –

      The CA certificate ARN.

    • certificateId (string) –

      The CA certificate identifier.