When I’m trying to create a new certificate – I can see the page with 4 downloading links (keys and certificates).
Unfortunately, I can download all, except for root CA, because when I’m pushing the last – it throws me to AWS Documentation.
The AWS documentation that the link is redirecting you to contains the Root CA certificates. The Root CA certificates are available under the “Server Authentication” section:
Based on the signing key, the following certificates are available from the documentation page:
-> RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate (https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem)
-> RSA 2048 bit key: Amazon Root CA 1 (https://www.amazontrust.com/repository/AmazonRootCA1.pem)
-> RSA 4096 bit key: Amazon Root CA 2 (https://www.amazontrust.com/repository/AmazonRootCA2.pem)
-> ECC 256 bit key: Amazon Root CA 3 (https://www.amazontrust.com/repository/AmazonRootCA3.pem)
-> ECC 384 bit key: Amazon Root CA 4 (https://www.amazontrust.com/repository/AmazonRootCA4.pem)
If you are creating a new thing using the web console and downloading the credentials (device certificate, device public and private key, etc) then “Amazon Root CA 1” can be used as the root CA certificate.
While creating a new thing from the console, please do not forget to click on the “Activate” button prior to proceeding to the “Attach a Policy” section.