Closed amarnath87 closed 6 years ago
Hello,
Are you trying to connect directly via Greengrass? To do that, you need to retrieve a different certificate than the one you use to connect to AWS cloud. This certificate is requested directly from the cloud using an HTTP request at the address: "GET /greengrass/discover/thing/-your thing name- HTTP/1.1\r\n\r\n" on port 8443. The HTTP response will contain a JSON file that has that certificate + the IP you can use.
Another possibility is IP resolution. If you are using SNI, it is possible that your server IP resolution is different than the one entered in the certificate.
Hugues
Hi Hugues,
We have followed your instructions, but we are still getting the same issue.
Amarnath
Hello,
I will need more information to be able to help you:
Amazon FreeRTOS has a library for greengrass discovery: You could try doing a greengrass discovery with their windows simulator and see if you experience the same issue: https://github.com/aws/amazon-freertos
Hugues
Hi Hugues,
Please find the details below
Are you trying to connect directly via greengrass?
Did you manage to receive the JSON file? How are you extracting the certificate?
Do you use SNI?
Are you using Linux?
As suggested by you, we have tried the FreeRTOS Windows simulator. Even though it says the Greengrass connection is successful, when we subscribe for messages on the AWS IoT console Test page for freertos/demos/ggd we don't see any updates. We are not seeing any shadow updates either. Not much information is available in the AWS documentation as well.
Please find the logs for FreeRTOS windows simulator here - https://gist.github.com/amarnath87/e9345fda3986c3c3d5577c3853d3ed1e
Amarnath
Hi,
I have error 404 when trying to access the win simulator logs.
Hugues
Hi Hugues,
We could successfully connect to greengrass after doing the following changes to the code:
We are not sure how to configure the certificate as trusted in the mbedtls_ssl_conf_ca_chain function. Could you please let us know how to do that or point us to an online resource?
Hi,
I would look into the MBEDTLS documentation for that. Otherwise, you can look at what Amazon FreeRTOS does to make a certificate trusted; this option needs to be called: mbedtls_x509_crt_parse. This will add your server certificate to the trusted chain list. Careful that your server CA is compatible with your root CA.
Hugues
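Added example, not code from this thread or from the AWS IoT SDK: one way to take the certificate carried in the discovery JSON and make it the trusted CA for mbedTLS, which is what the -0x2700 (certificate verify failed) handshake error is asking for. The `CAs` field name follows the Greengrass discovery response format; `gg_extract_ca_pem`, `gg_trust_group_ca`, the `WITH_MBEDTLS` build flag and the sample response are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
/* Constructed sample response: placeholder body, not a real certificate. */
static const char SAMPLE_DISCOVERY[] =
    "{\"GGGroups\":[{\"GGGroupId\":\"example-group\",\"Cores\":[],"
    "\"CAs\":[\"-----BEGIN CERTIFICATE-----\\nPLACEHOLDER\\n"
    "-----END CERTIFICATE-----\\n\"]}]}";

/* Copy the first "CAs" entry into out, decoding JSON escapes so the PEM has
 * real newlines. Returns the length INCLUDING the trailing NUL, which is what
 * mbedtls_x509_crt_parse expects for PEM input, or 0 on any error.
 * Simplification: a production client should use a real JSON parser. */
size_t gg_extract_ca_pem(const char *json, char *out, size_t out_len)
{
    const char *p = strstr(json, "\"CAs\"");
    size_t n = 0;
    if (out_len == 0 || p == NULL || (p = strchr(p, '[')) == NULL) return 0;
    for (p++; *p == ' ' || *p == '\n' || *p == '\r' || *p == '\t'; p++) { }
    if (*p != '"') return 0;                 /* empty array or not a string */
    for (p++; *p != '"'; p++) {
        char c = *p;
        if (c == '\0') return 0;             /* unterminated string */
        if (c == '\\') {
            c = *++p;
            if (c == 'n') c = '\n';
            else if (c == 'r') c = '\r';
            else if (c != '"' && c != '\\' && c != '/') return 0;
        }
        if (n + 1 >= out_len) return 0;      /* keep room for the NUL */
        out[n++] = c;
    }
    out[n++] = '\0';
    return n;
}

#ifdef WITH_MBEDTLS /* hypothetical build flag, set when linking mbedTLS */
#include "mbedtls/ssl.h"
/* Make the group CA the trust anchor. ca must already be initialised with
 * mbedtls_x509_crt_init() and must outlive conf. */
int gg_trust_group_ca(mbedtls_ssl_config *conf, mbedtls_x509_crt *ca,
                      const char *pem, size_t pem_len)
{
    int ret = mbedtls_x509_crt_parse(ca, (const unsigned char *)pem, pem_len);
    if (ret != 0) return ret;                /* <0 fatal, >0 certs skipped */
    mbedtls_ssl_conf_ca_chain(conf, ca, NULL);
    mbedtls_ssl_conf_authmode(conf, MBEDTLS_SSL_VERIFY_REQUIRED);
    return 0;
}
#endif
```

Passing the still-escaped JSON string, or a length that omits the terminating NUL, makes the PEM parse fail before the handshake is even attempted.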
Hi @amarnath87, did you have a chance to try @huguesBouvier 's suggestion?
Hi,
No, we are going through MBEDTLS documentation. Taking some time to understand as we are new to this.
Amarnath
Hi @amarnath87,
Please let us know if you need any more help on this. Closing issue.
Hi,
We are trying to connect to Greengrass core using C AWS IOT SDK.
Here are the steps we followed
When we launch the sample app, it's throwing the following error. How to address this issue?
ERROR: iot_tls_connect L#222 failed ! mbedtls_ssl_handshake returned -0x2700
ERROR: iot_tls_connect L#229 Unable to verify the server's certificate. Either it is invalid, or you didn't set ca_file or ca_path to an appropriate value. Alternatively, you may want to use auth_mode=optional for testing purposes.