For Greengrass v2, I cannot find any way to retrieve the Core Device CA certificate. Can't find any method in Console, SDK or API to retreive Core Device CA Certificate either.
I am aware that the client devices receive the specific certificate in response to the cloud discovery however, I am trying to find a way where client devices do not require internet connection.
In case I'll have the certificate, the client devices can use that certificate along with already known Greengrass Core endpoint to authenticate and connect to Greengrass Core device without the need of internet connection.
So the question is, if there is any way to retrieve/download the Core Device CA certificate?
While this is not yet documented in the docs, Greengrass Core device CA certificate can be found at following path in core device:
/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem
Using this certificate, ip address of core device & port, client device can connect and authenticate with core device.