Connecting to Greengrass Core

[erikkanderson]

Is there anything special that needs to be done to connect to a Greengrass Core instead of the IoT Core?

In the code that I have written I can successfully connect to IoT Core. I use my endpoint address, the AmazonRootCA1.pem file, and my converted .pfx file. No problems.

However, I am now trying to connect to a Greengrass core instead. I've changed the address of the endpoint, using the group CA file, and re-converted the .pfx file to use the group CA file. Now when I try and connect to the greengrass core I get a "The remote certificate is invalid according to the validation procedure" error.

I am fairly confident that my group CA file is correct as is the IP address of the core, as I can connect to the core from other things (running on raspberry pis). Which makes me suspect that I did not convert the certificates correctly to .pfx, however, I'm using the same command line as I use to generate a .pfx to connect to IoT core.

Any suggestions?

[erikkanderson]

After quite a bit of investigation and experimentation, I discovered that the Greengrass Group CA has to be installed in windows as a trusted root CA. After I did this, my .net application was able to connect to greengrass over MQTT.

The instructions I found for installing the group CA are at https://idk.dev/connecting-disparate-industrial-devices-and-applications-from-the-plant-floor-to-aws-using-kepserverex/.

[devnext2000]

I am having trouble connecting to IoT

help me, please

[erikkanderson]

I've had a similar error in the past. At least for me, the solution was the certificate attached to the thing was not activated. Activated it, and hopefully it will work.