Open eugenPtr opened 5 years ago
Were you able to resolve this? I am running into the same issue.
Nope, I went for Firebase instead of AWS
I used openssl to debug this, and after trying out multiple things I was finally able to connect successfully.
Troubleshooting Steps:
#Install Openssl Utility
root@yun:~ opkg update
root@yun:~ opkg install libopenssl
root@yun:~ opkg install openssl-util
#Inside the certs/ folder in the AWS-IoT-Python-Runtime/
root@yun:~ openssl s_client -connect xxxxxxtesttqnj-ats.iot.us-east-1.amazonaws.com:8883 -CAfile rootCA.crt -cert xxxxxx-certificate.pem.crt -key xxxxxxx-private.pem.key
This kept erroring out with:
Verify return code: 20 (unable to get local issuer certificate)
I decided to replace the Amazon ATS CA crt with the public Verisign one. That failed again with the same error because the legacy Verisign certs only work with non-ATS AWS endpoints.
I was finally able to connect with the Verisign Cert (cert) and non-ATS endpoint:
root@yun:~ openssl s_client -connect xxxxxxtesttqnj.iot.us-east-1.amazonaws.com:8883 -CAfile VeriSign-Class\ 3-Public-Primary-Certification-Authority-G5.pem -cert xxxxxxx-certificate.pem.crt -key xxxxxxx-private.pem.key
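The same check as the `openssl s_client` commands in the comment above, as an added example in Python 3.7+ (not code from this thread or from the AWS SDK): it performs the mutual-TLS handshake against one CA file and explains a chain error by endpoint type. The function names, and the rule that an ATS endpoint is recognised by a `-ats` suffix on the first hostname label, are assumptions based on the hostnames shown in the thread.

```python
import socket
import ssl
import sys

# OpenSSL verify codes meaning the chain could not be tied to a root in the
# CA file: 19 self-signed cert in chain, 20 unable to get local issuer
# certificate, 21 unable to verify the first certificate.
CHAIN_ERRORS = {19, 20, 21}

# Root CA family each endpoint type is signed by, as described in the thread.
EXPECTED_ROOT = {
    "ats": "an Amazon Trust Services (ATS) root CA",
    "legacy": "the VeriSign Class 3 Public Primary Certification Authority - G5 root",
}

def endpoint_family(host):
    """Assumption: ATS endpoints carry '-ats' at the end of the first DNS label."""
    return "ats" if host.split(".")[0].endswith("-ats") else "legacy"

def diagnose(host, verify_code):
    """Turn an OpenSSL verify code into a hint about the CA file to use."""
    if verify_code == 0:
        return "chain verified against the supplied CA file"
    if verify_code in CHAIN_ERRORS:
        family = endpoint_family(host)
        return (f"CA file does not anchor this endpoint's chain; "
                f"a {family} endpoint expects {EXPECTED_ROOT[family]}")
    return f"verification failed with code {verify_code}"

def probe(host, ca_file, cert_file, key_file, port=8883, timeout=10.0):
    """Handshake with client cert; return (verify_code, detail)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_verify_locations(cafile=ca_file)      # trust only this file
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return 0, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_code, exc.verify_message

if __name__ == "__main__":
    # usage: script.py <endpoint-host> <rootCA> <device-cert> <private-key>
    host, ca, cert, key = sys.argv[1:5]
    code, detail = probe(host, ca, cert, key)
    print(f"verify code {code} ({detail}): {diagnose(host, code)}")
```

Because the context trusts only the file passed in, a mismatch between CA file and endpoint type shows up as code 20 here just as it does in `s_client`.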
Hi,
I followed #28 having the same issue but it didn't help.
First, I made sure the certificates worked by publishing a message from my machine via command line and receiving it in the AWS Console. I was able to receive it successfully.
mosquitto_pub --cafile ./root-CA.pem --cert ./cert.pem --key ./privateKey.pem -h a2jutn9ff4v3vz-ats.iot.eu-west-2.amazonaws.com -p 8883 -q 1 -d -t test -i clientY -m "Test message"
After setting up the SDK and getting the connection error I added
Serial.println(rw_buf);
to aws_iot_mqtt.cpp and received the following output.
Next, I downloaded https://github.com/aws/aws-iot-device-sdk-python as a zip, unzipped it, scp-ed it onto the board, ran the setup script and the included example.
Then, I checked the policy attached to my certificate and it looked perfectly fine.
Edit: I started thinking that I might have a wrong OpenSSL version that doesn't support TLSv1.2 but this 1.0.1 should do
Can anyone give me a hand regarding this?