search

aws-samples / arduino-aws-greengrass-iot

This library uses AWS C-SDK to implement an Arduino class AWSGreenGrassIoT to make it easy to securely connect sensors/actuator to AWS IoT core, directly or by mean of an AWS greengrass device (i.e. Raspberry PI) using X509 certificates.
Apache License 2.0
44 stars 13 forks source link

Connection Refused #2

Closed jayakusumah closed 4 years ago

jayakusumah commented 4 years ago

Error from serial console

[HTTPS] GET... failed, error: connection refused, I use example (gg_sgp30_publisher),

My GG already setup & successfully connected with python device SDK.

GG installed on docker

bvitali commented 4 years ago

HTTPS is used in the discovery phase: the devices connects to IoT core to get the address of the GG device to connect to. Whether GG is running on a container or not it makes no difference. The connection needs: the IoT core Certificate, the think certificate and the think private key. Can you please double check if they are right? Maybe you can run the discovery utility in the Python SDK and see if you get the proper result. If you download the Greengrass python SDK, in the sample directory, there is a "basicDiscovery.py" utility. Can you execute it with the right arguments and see if it succeeds?

jayakusumah commented 4 years ago

Use basicDiscovery from Python SDK with thing-name esp32_RPS and execute => Published topic hello: {"message": "Hello, World! Sent from HelloWorld_Publisher", "sequence": 0}

and subsribe message on GG AWS console test page, all goes well.

and I use same configuration to arduino-aws-greengrass-iot example and follow all instructions.

char THING[]= "esp32_RPS"; char TOPIC_NAME[]= "hello";

and copy cert and key to aws_certificates.c with \n\ per line, upload and check on serial console

:02:30.791 -> Connected to wifi 14:02:30.824 -> [HTTPS] GET... failed, error: connection refused 14:02:30.824 -> Greengrass Discovery failed 14:02:30.824 -> Connection to Greengrass failed, check if Greengrass is on and connected to the WiFi

all configuration (cert, key, endpoint, thing) work well on Python SDK.

complete configuration on Python SDK

python basicDiscovery.py --endpoint xxxxxxxxxx-ats.iot.ap-southeast-1.amazonaws.com --rootCA certs/AmazonRootCA1.pem --cert certs/a614843d1d.cert.pem --key certs/a614843d1d.private.key --thingName esp32_RPS --topic hello --mode publish --message 'Hello, World! Sent from HelloWorld_Publisher'

or maybe device can't connect to 172.17.0.2/127.0.0.0 port 8883 (docker IP)?

bvitali commented 4 years ago

"device can't connect to 172.17.0.2/127.0.0.0 port 8883 (docker IP)?"

The error occurs, because the GG discovery on IoT Core doesn't work.

Can you make another attempt: use connectToIoTCore and see if you can publish messages directly, the rest of the settings shall be the same. I want to ensure that all certificates/keys are formatted properly.

bvitali commented 4 years ago

I advice you to use the helper included in freertos to generate the certificates: /amazon-freertos/tools/certificate_configuration/CertificateConfigurator.html

jayakusumah commented 4 years ago

Solved, there was an error when I input the private key. error parse private key.

I change to 

static const char aws_root_ca[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
)EOF";

connected successfully, Thank you for your code & help!

bvitali commented 4 years ago

You are welcome

jayakusumah commented 4 years ago

I found an error in the example from aws_certificates.c (thingKey[])

const char thingKey[] = {"-----BEGIN CERTIFICATE-----\n\
 RSA KEY HERE\n\
-----END CERTIFICATE-----\n"};

it must be replaced with

const char thingKey[] = {"-----BEGIN RSA PRIVATE KEY-----\n\
 RSA KEY HERE\n\
-----END RSA PRIVATE KEY-----\n"};
bvitali commented 4 years ago

Thanks for the hint. I updated the code.