I'm learning AWS and I created a new thing with the required certificates to access it via MQTT:

  • root-CA.crt
  • .private.key
  • .cert.pem

If I'm not wrong the root-CA.crt file will be the same for all the things because it's used to authenticate the server.

What I don't understand is if I need to create a different set of certificates (private.key and cert.pem) for every device I will build.

Mark

1 Answer

Yes, the whole point of using client side certificates is to enable you to reliably uniquely identify each client.

AWS will provide APIs to provision each device with its own cert/key.

The other reason is that it means you can easily ban a single device if the certificate is compromised. If every device reuses the same certificate, then you have to recall all the devices and update them if somebody gets hold of the key/cert pair.

hardillb
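The per-device flow the answer describes, as an added example (this is not code from the question or the answer, and not an AWS-supplied script): each device gets its own private key, generated locally and never uploaded, plus a CSR that AWS IoT signs, so a compromise of one device can be handled by revoking one certificate. The thing names (`sensor-001`), the policy name `device-mqtt-policy` and the `DRY_RUN` switch are assumptions for illustration; the `aws iot` subcommands are the real AWS CLI ones.

```shell
#!/usr/bin/env sh
# Added example: one key pair and one certificate per AWS IoT thing,
# using the "create certificate from CSR" flow. Not from the original post.
set -eu

POLICY_NAME="${POLICY_NAME:-device-mqtt-policy}"  # assumed IoT policy name
OUT_DIR="${OUT_DIR:-./devices}"                   # one sub-directory per thing

# Generate a fresh 2048-bit RSA key for one device and a CSR whose CN is the
# thing name. The private key stays in the device's directory; only the CSR
# is sent to AWS. Prints the CSR path.
make_device_csr() {
  local thing="$1"
  local dir="$OUT_DIR/$thing"
  mkdir -p "$dir"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$dir/private.key" 2>/dev/null
  chmod 600 "$dir/private.key"
  openssl req -new -key "$dir/private.key" -subj "/CN=$thing" \
      -out "$dir/device.csr" 2>/dev/null
  printf '%s\n' "$dir/device.csr"
}

# Read the CN back out of a CSR, so a build script can check that the CSR it
# is about to submit really belongs to the thing it is provisioning.
csr_cn() {
  openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *//p'
}

# Register the thing, have AWS IoT sign the CSR, and bind the resulting
# certificate to both the thing and the MQTT policy. Needs the AWS CLI with
# credentials; with DRY_RUN=1 (the default here) it stops after the CSR.
provision_device() {
  local thing="$1" csr cert_arn
  csr=$(make_device_csr "$thing")
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "DRY RUN: would submit $csr for thing $thing" >&2
    return 0
  fi
  aws iot create-thing --thing-name "$thing" >/dev/null
  cert_arn=$(aws iot create-certificate-from-csr \
      --certificate-signing-request "file://$csr" \
      --set-as-active \
      --certificate-pem-outfile "$OUT_DIR/$thing/cert.pem" \
      --query certificateArn --output text)
  aws iot attach-thing-principal --thing-name "$thing" --principal "$cert_arn"
  aws iot attach-policy --policy-name "$POLICY_NAME" --target "$cert_arn"
  printf '%s\n' "$cert_arn"
}

# Ban a single compromised device: only its certificate is revoked, every
# other device keeps connecting with its own key/cert pair.
revoke_device_cert() {
  local cert_id="$1"   # the hex certificate ID, not the ARN
  aws iot update-certificate --certificate-id "$cert_id" --new-status REVOKED
}

# Usage (dry run, no AWS calls):
#   provision_device sensor-001
#   provision_device sensor-002
```

The server-side trust anchor (the `root-CA.crt` from the question) is the same download for every device; only the `private.key`/`device.csr`/`cert.pem` trio is per thing. Generating the key on the device or its build host, rather than letting a service mint it, is what keeps the private key from ever appearing in logs or S3 buckets during provisioning.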