aws / aws-iot-device-sdk-java-v2

Next generation AWS IoT Client SDK for Java using the AWS Common Runtime
Apache License 2.0

"software.amazon.awssdk.crt.mqtt.MqttException" when connecting to MQTT over port 443 on Windows #63

Closed qiao-rsa closed 3 years ago

qiao-rsa commented 4 years ago

Confirm by changing [ ] to [x] below to ensure that it's a bug:

Known Issue

**Describe the bug**

Hello, could you please help with the following error? Thank you. On Windows 10, when I connect to MQTT over port 443, I get this exception: "software.amazon.awssdk.crt.mqtt.MqttException"

**SDK version number**

1.1.0

**Platform/OS/Hardware/Device**

Windows 10 Enterprise x64, Dell Latitude 5400, Visual Studio Community 2019 C++, JDK 11.0.4

**To Reproduce (observed behavior)**

Here is our code:

```
MqttClientConnection mqttClientConnection = getConnection(deviceId);
CompletableFuture connected = mqttClientConnection.connect();
log.info("Connected to IoT. New session: {}.", connected.get());
```

**Expected behavior**

On Linux/Mac environment it works. But on Windows it doesn't. I expect it to connect successfully without exception.

**Logs/output**

```
Expected no exception to be thrown, but got 'com.rsa.nws.control.DeviceException'
    at spock.lang.Specification.noExceptionThrown(Specification.java:118)
    at com.rsa.nws.control.DeviceClientMqttIntegrationTest.Device connects to IoT and register to listen cloud messages(DeviceClientMqttIntegrationTest.groovy:135)
Caused by: com.rsa.nws.control.DeviceException: Unable to connect to IoT
    at com.rsa.nws.control.DefaultDeviceClient.connect(DefaultDeviceClient.java:261)
    at com.rsa.nws.control.DeviceClientMqttIntegrationTest.Device connects to IoT and register to listen cloud messages(DeviceClientMqttIntegrationTest.groovy:132)
Caused by: java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: System call failure
    at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
    at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
    at com.rsa.nws.control.DefaultDeviceClient.connect(DefaultDeviceClient.java:252)
    ... 1 more
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: System call failure
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:142)
```

**Additional context**

Add any other context about the problem here.

bretambrose commented 4 years ago

Please attach a trace log of your program run. You can use system properties to enable this:

```
-Daws.crt.log.level=Trace -Daws.crt.log.filename= -Daws.crt.log.destination=File
```

Also, if you could include the code snippet where you configure the connection that would be very helpful as well.

qiao-rsa commented 4 years ago

Hello @bretambrose Please find the getConnection() method below.

```
private MqttClientConnection getConnection(String deviceId) throws GeneralSecurityException {
  CertificateService.TlsContext tlsContext = certificateService.getTlsContext(ALIAS);

  try (EventLoopGroup eventLoopGroup = new EventLoopGroup(1);
      HostResolver resolver = new HostResolver(eventLoopGroup);
      ClientBootstrap clientBootstrap = new ClientBootstrap(eventLoopGroup, resolver);
      AwsIotMqttConnectionBuilder builder =
          AwsIotMqttConnectionBuilder.newMtlsBuilder(
              tlsContext.getCertificatePem(), tlsContext.getPrivateKeyPem())) {

    builder
        .withBootstrap(clientBootstrap)
        .withClientId(deviceId)
        .withEndpoint(activationConfig.getIotHost());
    return builder.build();
  }
}
```

I'll send you the trace log file by email. Thank you for helping.

DavidOgunsAWS commented 4 years ago

Can you verify the content/format of the certificate? Does it have BEGIN and END certificate tags? To eliminate possible certificate formatting issues which may vary in behavior across Windows and Mac/Linux, we recommend testing code by generating a certificate through the IoT console, then downloading and using that. If that works, then the problem is with the specific certificate being used and we can dig deeper from there.

Thanks,

github-actions[bot] commented 3 years ago

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.

qiao-rsa commented 3 years ago

I found out if I create a fresh certificate using IoT console with 1-click option and download both device cert and private key, it actually works fine. The problem is that we are using Java keytool and keystore (for our IoT device) to generate a private key first, save it in keystore, create a csr and send a csr request to IoT which returns a device cert and then save it to keystore. Next when the device is ready to connect, it retrieves both private key and device cert from keystore. Somehow AwsIotMqttConnectionBuilder was not able to be built and throws some TlsContext error.

This ticket can be closed while we continue to troubleshoot from the Java keystore side. Thank you.
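
The keystore export path described in this thread (private key and device certificate read back from a Java keystore and handed to `newMtlsBuilder` as PEM strings), combined with the BEGIN/END check suggested earlier, can be sanity-checked with the JDK alone. This is an added example, not code from the thread or from the SDK; the class name `KeystorePemCheck`, the two command-line arguments and the `probe` message are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class KeystorePemCheck {
    // PEM framing: BEGIN/END label lines around base64 wrapped at 64 characters.
    static String toPem(String label, byte[] der) {
        String b64 = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + b64 + "\n-----END " + label + "-----\n";
    }

    // Decode one PEM block; fails if the expected BEGIN/END lines are absent.
    static byte[] fromPem(String label, String pem) {
        String begin = "-----BEGIN " + label + "-----", end = "-----END " + label + "-----";
        int s = pem.indexOf(begin), e = pem.indexOf(end);
        if (s < 0 || e < s) throw new IllegalArgumentException("missing " + label + " markers");
        return Base64.getMimeDecoder().decode(pem.substring(s + begin.length(), e));
    }

    // Assumed usage: java KeystorePemCheck.java <keystore-file> <alias>
    public static void main(String[] args) throws Exception {
        char[] pw = System.console().readPassword("Keystore password: ");
        KeyStore ks = KeyStore.getInstance(new File(args[0]), pw);
        PrivateKey key = (PrivateKey) ks.getKey(args[1], pw);
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        if (key == null || cert == null) throw new KeyStoreException("alias lacks key or certificate");
        // A key in PKCS#8 format encodes to PKCS#8 DER, whose PEM label is "PRIVATE KEY".
        if (!"PKCS#8".equals(key.getFormat())) throw new KeyException("format " + key.getFormat());
        String keyPem = toPem("PRIVATE KEY", key.getEncoded());
        String certPem = toPem("CERTIFICATE", cert.getEncoded());
        // Round-trip both PEM strings through the JDK parsers.
        X509Certificate parsedCert = (X509Certificate) CertificateFactory.getInstance("X.509")
            .generateCertificate(new ByteArrayInputStream(certPem.getBytes(StandardCharsets.US_ASCII)));
        PrivateKey parsedKey = KeyFactory.getInstance(key.getAlgorithm())
            .generatePrivate(new PKCS8EncodedKeySpec(fromPem("PRIVATE KEY", keyPem)));
        // Sign with the key and verify with the certificate to confirm they are a pair.
        Signature sig = Signature.getInstance(
            "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA");
        byte[] probe = "probe".getBytes(StandardCharsets.US_ASCII);
        sig.initSign(parsedKey);
        sig.update(probe);
        byte[] signed = sig.sign();
        sig.initVerify(parsedCert.getPublicKey());
        sig.update(probe);
        System.out.println("key matches certificate: " + sig.verify(signed));
        System.out.println("key PEM label: " + keyPem.lines().findFirst().orElse(""));
    }
}
```

Only the key's PEM label line is printed, never the key material, so the output can be compared against the header of a console-generated key file and shared in a bug report.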

bretambrose commented 3 years ago

Thanks for the update. I'll close for now, but if you hit something that we can possibly help with, feel free to create a new issue.

highergao commented 2 years ago

Hi, I have this issue too. This is the code exception:

```
Exception in thread "main" java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
    at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
    at rawpubsub.TestConnections.main(TestConnections.java:21)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: The connection was closed unexpectedly.
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)
```

nhannguyensy commented 1 year ago

If you connect via a proxy, please use a network load balancer (TCP); don't use an application load balancer. This is an example nginx reverse proxy for AWS IoT MQTT via nginx: https://www.0937686468.com/2022/09/nginx-reverse-proxy-for-aws-iot-mqtt.html