aws-amplify / aws-sdk-ios

AWS SDK for iOS. For more information, see our web site:
https://aws-amplify.github.io/docs

AWS IoT SSL handshake fails (invalid certificate) #1172

Closed hotbott closed 5 years ago

hotbott commented 5 years ago

Describe the bug

I'm receiving an SSL handshake error while connecting to an AWS IoT endpoint via a socket connection. Looks like the certificate for *.iot.us-east-1.amazonaws.com is not valid anymore. Starting from iOS 12.1.1, Symantec was removed from the list of trusted certificate authorities.

To Reproduce

Connect to an AWS IoT endpoint using a web socket on an iOS 12.1.1+ device.

[_iotDataManager connectUsingWebSocketWithClientId:clientId
                                      cleanSession:YES
                                    statusCallback:nil];

Which AWS service(s) are affected?

AWS IoT

Expected behavior

Valid SSL certificate for *.iot.us-east-1.amazonaws.com is available.

Screenshots

20190109-aws-ssl-error

Additional context

Symantec is no longer a trusted CA on the iOS truststore https://support.apple.com/en-us/HT208860

scb01 commented 5 years ago

@hotbott

You will need to use an endpoint configured with an Amazon Trust Services certificate. In anticipation of this issue, AWS IoT has proactively configured this URL for you. You can get the updated URL by going to the AWS Console -> IoT Core -> Settings page. See the installation and configuration section of https://aws-amplify.github.io/docs/ios/pubsub for documentation on how to do this.

Also see https://github.com/aws-amplify/aws-sdk-ios/issues/1138 for more information on how other folks have solved this issue.
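
The endpoint change described in the comment above, as an added example that is not part of the original thread or the SDK's own sample code: it registers an AWSIoTDataManager against an explicitly configured endpoint and refuses to connect if the host does not look like an ATS endpoint. The endpoint prefix, identity pool ID, manager key, helper names, and the `-ats.iot.` hostname pattern used for the check are assumptions; substitute the values from your own IoT Core Settings page.

```objectivec
#import <AWSCore/AWSCore.h>
#import <AWSIoT/AWSIoT.h>

// Placeholders (assumptions): copy the real endpoint from
// AWS Console -> IoT Core -> Settings; use your own identity pool.
static NSString *const kIoTEndpointURL = @"https://EXAMPLEPREFIX-ats.iot.us-east-1.amazonaws.com";
static NSString *const kIdentityPoolId = @"us-east-1:00000000-0000-0000-0000-000000000000";
static NSString *const kIoTManagerKey  = @"ATSIoTDataManager"; // hypothetical key

// Returns YES when the host looks like an ATS data endpoint
// (assumed form: <prefix>-ats.iot.<region>.amazonaws.com).
static BOOL IsATSEndpoint(NSString *urlString) {
    NSString *host = [NSURL URLWithString:urlString].host.lowercaseString;
    return host != nil
        && [host containsString:@"-ats.iot."]
        && [host hasSuffix:@".amazonaws.com"];
}

// Builds a data manager bound to the ATS endpoint, or nil if the
// configured URL would fall back to a non-ATS certificate chain.
static AWSIoTDataManager *MakeATSIoTDataManager(void) {
    if (!IsATSEndpoint(kIoTEndpointURL)) {
        NSLog(@"Refusing non-ATS IoT endpoint: %@", kIoTEndpointURL);
        return nil;
    }
    AWSCognitoCredentialsProvider *credentials =
        [[AWSCognitoCredentialsProvider alloc] initWithRegionType:AWSRegionUSEast1
                                                   identityPoolId:kIdentityPoolId];
    AWSEndpoint *endpoint = [[AWSEndpoint alloc] initWithURLString:kIoTEndpointURL];
    AWSServiceConfiguration *configuration =
        [[AWSServiceConfiguration alloc] initWithRegion:AWSRegionUSEast1
                                               endpoint:endpoint
                                    credentialsProvider:credentials];
    [AWSIoTDataManager registerIoTDataManagerWithConfiguration:configuration
                                                        forKey:kIoTManagerKey];
    return [AWSIoTDataManager IoTDataManagerForKey:kIoTManagerKey];
}

// Same call as in the report, but on the ATS-bound manager and with a
// status callback so a failed handshake is logged instead of silent.
static void ConnectOverWebSocket(NSString *clientId) {
    AWSIoTDataManager *manager = MakeATSIoTDataManager();
    [manager connectUsingWebSocketWithClientId:clientId
                                  cleanSession:YES
                                statusCallback:^(AWSIoTMQTTStatus status) {
        NSLog(@"MQTT status: %ld", (long)status);
    }];
}
```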

hotbott commented 5 years ago

@cbommas Thanks! Using the ATS-enabled endpoint works!