:doc:`IoT <../../iot>` / Client / create_keys_and_certificate

***************************
create_keys_and_certificate
***************************



.. py:method:: IoT.Client.create_keys_and_certificate(**kwargs)

  

  Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key. You can also call ``CreateKeysAndCertificate`` over MQTT from a device, for more information, see `Provisioning MQTT API <https://docs.aws.amazon.com/iot/latest/developerguide/provision-wo-cert.html#provision-mqtt-api>`__.

   

  **Note** This is the only time IoT issues the private key for this certificate, so it is important to keep it in a secure location.

   

  Requires permission to access the `CreateKeysAndCertificate <https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions>`__ action.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/iot-2015-05-28/CreateKeysAndCertificate>`_  


  **Request Syntax**
  ::

    response = client.create_keys_and_certificate(
        setAsActive=True|False
    )
    
  :type setAsActive: boolean
  :param setAsActive: 

    Specifies whether the certificate is active.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'certificateArn': 'string',
          'certificateId': 'string',
          'certificatePem': 'string',
          'keyPair': {
              'PublicKey': 'string',
              'PrivateKey': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 

      The output of the CreateKeysAndCertificate operation.

      
      

      - **certificateArn** *(string) --* 

        The ARN of the certificate.

        
      

      - **certificateId** *(string) --* 

        The ID of the certificate. IoT issues a default subject name for the certificate (for example, IoT Certificate).

        
      

      - **certificatePem** *(string) --* 

        The certificate data, in PEM format.

        
      

      - **keyPair** *(dict) --* 

        The generated key pair.

        
        

        - **PublicKey** *(string) --* 

          The public key.

          
        

        - **PrivateKey** *(string) --* 

          The private key.

          
    
  
  **Exceptions**
  
  *   :py:class:`IoT.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`IoT.Client.exceptions.ThrottlingException`

  
  *   :py:class:`IoT.Client.exceptions.UnauthorizedException`

  
  *   :py:class:`IoT.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`IoT.Client.exceptions.InternalFailureException`

  