
AWS IoT Core is updating its Symantec Server Intermediate Certificate Authority and defaulting control plane endpoints to TLS 1.2 or higher, requiring customers to migrate to Amazon Trust Services certificates and modern TLS versions for enhanced security.


<div><p>This article explains how to update certificate requirements for AWS IoT Core due to Symantec Server ICA expiration and TLS version upgrades.</p><ul><li>Symantec Server ICA expires October 31, 2023; new certificate based on VeriSign G5</li><li>AWS IoT Core control plane and new endpoints switching to TLS 1.2 minimum by default</li><li>Existing customer endpoints remain unchanged for backward compatibility</li><li>Migrate to Amazon Trust Services (ATS) signed Root CA certificates for better security</li><li>Use configurable endpoints to control TLS policy and migrate devices incrementally</li><li>Avoid certificate pinning; pin to ATS Root CA instead of intermediate certificates</li><li>Devices using ATS certificates unaffected; Symantec users must verify TLS implementation</li><li>Test device compatibility with large server certificates using AWS IoT Device Advisor</li></ul><p>Customers should migrate to ATS endpoints and TLS 1.2+ to ensure security and compatibility with AWS IoT Core's certificate updates.</p></div>


Related articles