Closed waqar48 closed 2 years ago
I'm trying to publish to the MQTT topic /example/topic with the default message. The old config in the Node.js driver code had the client certificate in .crt format, whereas here I also tried converting it to .pem (certificates/certficate.pem), as some had fixed the SSL_CTX_use_certificate_chain_file error with the command openssl x509 -in certificates/certificate.pem.crt -out certificates/certficate.pem
Yet the error is still occurring.
Also the same result on a different port, 443, with #define AWS_MQTT_PORT 443
Hi @waqar48
Looking into your issue now, will get back to you shortly.
Hi @waqar48
The encoding conversion you made should be unnecessary, as .crt and .pem are colloquially both PEM encoding. I suspect the result of the unnecessary conversion may have given rise to these issues. Were you hitting errors complaining about the file extension (i.e. .crt vs .pem)? If so, you should be able to simply change the filename of the original certificates/certficate.crt to certificates/certficate.pem; no openssl conversion needed.
Could you:
1. check certificates/certficate.crt and verify it's in PEM format
2. rename certificates/certficate.crt to certificates/certficate.pem
OpenSSL provides great documentation on X.509 encodings if you want to learn more about it.
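The check suggested above ("verify it's in PEM format") can be made precise. The following is an added example, not code from this thread or from the SDK: a small stdlib-only Python checker that looks at a credential file the way an OpenSSL PEM loader would, and reports the things that make SSL_CTX_use_certificate_chain_file fail regardless of the file extension: a raw DER file, a UTF-8 BOM ahead of the BEGIN line, a body that is not valid base64, a DER payload whose outer SEQUENCE length does not match the bytes present (a cut-and-paste truncation), or a private key placed in the certificate slot. The accepted label sets and the sample inputs (a minimal ASN.1 SEQUENCE, not a real certificate) are this example's own assumptions.

```python
import base64
import re

# One PEM block: a BEGIN line, a base64 body, and the matching END line.
# Accepts both LF and CRLF line endings, as OpenSSL's PEM reader does.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----",
    re.S,
)

# Labels each slot of the mutual-auth demo config should contain (assumption:
# the label sets a PEM certificate loader and a PEM key loader will accept).
EXPECTED_LABELS = {
    "cert": {"CERTIFICATE"},
    "key": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}


def der_declared_length(der: bytes):
    """Total length claimed by an outer ASN.1 SEQUENCE (tag 0x30), or None."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                      # short-form length
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def inspect_pem_file(data: bytes, expect: str) -> dict:
    """Classify a credential file the way an OpenSSL PEM loader would see it.

    expect is "cert" or "key". Returns {"encoding", "labels", "issues"}; an
    empty "issues" list means the file is PEM, decodes, and has the right label.
    """
    issues = []
    if data.startswith(b"\xef\xbb\xbf"):
        issues.append("UTF-8 BOM before the first PEM header")
        data = data[3:]
    if data[:1] == b"\x30":
        # Raw DER: a PEM loader will reject it. This is the one case where an
        # openssl conversion (-inform DER) is actually needed.
        return {"encoding": "der", "labels": [], "issues": ["file is DER, loader expects PEM"]}
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return {"encoding": "unknown", "labels": [], "issues": ["no PEM block found"]}
    labels = []
    for begin, body, end in blocks:
        label = begin.decode()
        labels.append(label)
        if begin != end:
            issues.append(f"{label}: BEGIN and END labels differ")
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            issues.append(f"{label}: body is not valid base64")
            continue
        declared = der_declared_length(der)
        if declared is None:
            issues.append(f"{label}: payload is not an ASN.1 SEQUENCE")
        elif declared != len(der):
            issues.append(f"{label}: truncated or padded ({len(der)} bytes, header says {declared})")
    if not any(label in EXPECTED_LABELS[expect] for label in labels):
        issues.append(f"no {expect} block found, labels present: {labels}")
    return {"encoding": "pem", "labels": labels, "issues": issues}


def make_pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in a PEM block (used here only to build sample input)."""
    b64 = base64.encodebytes(der)         # 76-char lines, trailing newline
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (label.encode(), b64, label.encode())


# Constructed sample input: a minimal ASN.1 SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x01"
GOOD_CERT = make_pem("CERTIFICATE", SAMPLE_DER)
KEY_IN_CERT_SLOT = make_pem("RSA PRIVATE KEY", SAMPLE_DER)
# Header promises 256 bytes of content but only 10 follow: a cut-and-paste truncation.
TRUNCATED_CERT = make_pem("CERTIFICATE", b"\x30\x82\x01\x00" + b"\x00" * 10)

if __name__ == "__main__":
    for name, data in [("good", GOOD_CERT), ("key in cert slot", KEY_IN_CERT_SLOT),
                       ("truncated", TRUNCATED_CERT), ("raw der", SAMPLE_DER)]:
        print(name, inspect_pem_file(data, "cert"))
```

Run it against the real files with `inspect_pem_file(open("certificates/certficate.pem", "rb").read(), "cert")` and the key with `"key"`. If it reports PEM with no issues, the loader failure is not about encoding, and the next thing to check is that the key file actually pairs with the certificate. Note that `openssl x509 -in f -out g` with a PEM input writes PEM output, so that conversion changes nothing except the filename.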
I reverted the port back to 8883 and, without using OpenSSL, renamed certificates/certficate.crt to certificates/certficate.pem,
yet I get the same result as above.
Findings, but for the mqtt_basic_tls client
Configuration (from demo_config.h):
// =================================================
//.pem rename with or without openSSL doesn't work
//.pem rename with or without openSSL doesn't work
// =================================================
Output after running:
root@ubuntu:/opt/aws-iot-device-sdk-embedded-C/build/bin# ./mqtt_demo_basic_tls
[INFO] [DEMO] [mqtt_demo_basic_tls.c:499] Establishing a TLS session to redacted-ats.iot.ca-central-1.amazonaws.com:443.
[ERROR] [MQTT] [core_mqtt.c:1534] Incorrect packet type 48 received while expecting CONNACK(20).
[ERROR] [MQTT] [core_mqtt.c:1569] CONNACK recv failed with status = MQTTBadResponse.
[ERROR] [MQTT] [core_mqtt.c:1840] MQTT connection failed with status = MQTTBadResponse.
[ERROR] [DEMO] [mqtt_demo_basic_tls.c:978] Connection with MQTT broker failed with status MQTTBadResponse.
[WARN] [DEMO] [mqtt_demo_basic_tls.c:538] Connection to the broker failed. Retrying connection after 497 ms backoff.
[INFO] [DEMO] [mqtt_demo_basic_tls.c:499] Establishing a TLS session to redacted-ats.iot.ca-central-1.amazonaws.com:443.
[ERROR] [MQTT] [core_mqtt.c:1534] Incorrect packet type 48 received while expecting CONNACK(20).
[ERROR] [MQTT] [core_mqtt.c:1569] CONNACK recv failed with status = MQTTBadResponse.
[ERROR] [MQTT] [core_mqtt.c:1840] MQTT connection failed with status = MQTTBadResponse.
[ERROR] [DEMO] [mqtt_demo_basic_tls.c:978] Connection with MQTT broker failed with status MQTTBadResponse.
[WARN] [DEMO] [mqtt_demo_basic_tls.c:538] Connection to the broker failed. Retrying connection after 344 ms backoff.
[INFO] [DEMO] [mqtt_demo_basic_tls.c:499] Establishing a TLS session to redacted-ats.iot.ca-central-1.amazonaws.com:443.
[ERROR] [MQTT] [core_mqtt.c:1534] Incorrect packet type 48 received while expecting CONNACK(20).
[ERROR] [MQTT] [core_mqtt.c:1569] CONNACK recv failed with status = MQTTBadResponse.
[ERROR] [MQTT] [core_mqtt.c:1840] MQTT connection failed with status = MQTTBadResponse.
[ERROR] [DEMO] [mqtt_demo_basic_tls.c:978] Connection with MQTT broker failed with status MQTTBadResponse.
[WARN] [DEMO] [mqtt_demo_basic_tls.c:538] Connection to the broker failed. Retrying connection after 1940 ms backoff.
^C
@waqar48 It could be that the policy attached to your certificate has no permission to CONNECT or SUBSCRIBE over MQTT. Also, have you tried using a different MQTT client to test whether the issue lies with the code and not your policy?
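For the policy check suggested above, here is an added example of a least-privilege AWS IoT policy (not from this thread or the SDK) that grants exactly what the demo in this thread needs: CONNECT as the client identifier from demo_config.h, and PUBLISH/SUBSCRIBE/RECEIVE on a single topic. The region is taken from the endpoint in the thread; the account ID 123456789012 is a placeholder, and the topic is written without the leading slash. If the topic really is /example/topic with the leading slash, the topic and topicfilter ARNs must carry it too (topic//example/topic), because the ARN is the literal topic string appended to the prefix.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:ca-central-1:123456789012:client/testclient"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:ca-central-1:123456789012:topic/example/topic"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:ca-central-1:123456789012:topicfilter/example/topic"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:ca-central-1:123456789012:topic/example/topic"
    }
  ]
}
```

A policy with "Resource": "*" on every action makes "permissions are fine" trivially true but lets any holder of the certificate connect under any client ID and publish anywhere; scoping the client ARN to the CLIENT_IDENTIFIER in demo_config.h also means a mismatch between the two shows up as a CONNECT refusal rather than silently working.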
Certificate format and permissions are fine. I've tested the certificates with the MQTT client from mosquitto.org and it's working fine with my AWS IoT instance. I'll reopen this ticket when the AWS SDK is needed.
SDK version 202108.00
demo_config.h configuration:
// =================================================
#define AWS_IOT_ENDPOINT "redacted-ats.iot.ca-central-1.amazonaws.com"
#define AWS_MQTT_PORT 8883
#define CLIENT_IDENTIFIER "testclient"
#define ROOT_CA_CERT_PATH "certificates/AmazonRootCA1.crt"
#define CLIENT_CERT_PATH "certificates/certficate.pem"
#define CLIENT_PRIVATE_KEY_PATH "certificates/private.pem.key"
// =================================================
./mqtt_demo_mutual_auth
[INFO] [DEMO] [mqtt_demo_mutual_auth.c:642] Establishing a TLS session to -ats.iot.ca-central-1.amazonaws.com:8883.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:399] SSL_CTX_use_certificate_chain_file failed to import client certificate at certificates/certficate.pem.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:621] Setting up credentials failed.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:666] Failed to establish a TLS connection.
[WARN] [DEMO] [mqtt_demo_mutual_auth.c:681] Connection to the broker failed. Retrying connection after 72 ms backoff.
[INFO] [DEMO] [mqtt_demo_mutual_auth.c:642] Establishing a TLS session to -ats.iot.ca-central-1.amazonaws.com:8883.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:399] SSL_CTX_use_certificate_chain_file failed to import client certificate at certificates/certficate.pem.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:621] Setting up credentials failed.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:666] Failed to establish a TLS connection.
[WARN] [DEMO] [mqtt_demo_mutual_auth.c:681] Connection to the broker failed. Retrying connection after 684 ms backoff.
[INFO] [DEMO] [mqtt_demo_mutual_auth.c:642] Establishing a TLS session to -ats.iot.ca-central-1.amazonaws.com:8883.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:399] SSL_CTX_use_certificate_chain_file failed to import client certificate at certificates/certficate.pem.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:621] Setting up credentials failed.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:666] Failed to establish a TLS connection.
[WARN] [DEMO] [mqtt_demo_mutual_auth.c:681] Connection to the broker failed. Retrying connection after 214 ms backoff.
[INFO] [DEMO] [mqtt_demo_mutual_auth.c:642] Establishing a TLS session to -ats.iot.ca-central-1.amazonaws.com:8883.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:399] SSL_CTX_use_certificate_chain_file failed to import client certificate at certificates/certficate.pem.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:621] Setting up credentials failed.
[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:666] Failed to establish a TLS connection.
[WARN] [DEMO] [mqtt_demo_mutual_auth.c:681] Connection to the broker failed. Retrying connection after 2686 ms backoff.
^C
SSL keeps failing to establish. OpenSSL version: 1.1.1f 31 Mar 2020