Closed pelted closed 7 years ago
If you add '-D' argument to your command line, you will see the debug information. In particular, can you check if the host it tries to connect to is in the same region as your certs were created? If not, you could always try to specify the endpoint using -H argument.
Okay, that got me further. I need to use the -g
argument and set it to us-west-2
. No I'm getting more data and the error is unable to get local issuer certificate
.
(Note: the -F option to read a config file is being completely ignored so everything seems to need to be passed as args.)
> node node_modules/aws-iot-device-sdk/examples/device-example.js -f ./certs --test-mode=1 -g us-west-2 -D
{ keyPath: './certs/private.pem.key',
certPath: './certs/certificate.pem.crt',
caPath: './certs/root-CA.crt',
clientId: 'xxxxxxxx',
region: 'us-west-2',
baseReconnectTimeMs: 4000,
keepalive: 30,
protocol: 'mqtts',
port: 8883,
host: 'data.iot.us-west-2.amazonaws.com',
debug: true,
reconnectPeriod: 4000,
fastDisconnectDetection: true,
key: <Buffer xxxx ... >,
cert: <Buffer xxxx ... >,
ca: <Buffer xxxx ... >,
requestCert: true,
rejectUnauthorized: true }
attempting new mqtt connection...
error { Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.<anonymous> (_tls_wrap.js:1060:38)
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:584:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:416:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
offline
connection lost - will attempt reconnection in 4 seconds...
close
Hi @pelted, Are you running the sample behind a proxy? Can you also tell us which platform you are running the sample on?
Rahul
No response for a while. Assume resolved
I am also facing the same issue. Can you please tell me what is wrong here ? Regarding the platform, I am using LinkIt Smart 7688 device to execute the thing-example
root@mylinkit:~/node_modules/aws-iot-device-sdk# node examples/device-example.js -f ~/certs --test-mode=1 -D { keyPath: '/root/certs/f0107f3745-private.pem.key', certPath: '/root/certs/f0107f3745-certificate.pem.crt', caPath: '/root/certs/root-CA.crt', clientId: 'Smart7688', region: 'us-east-1', baseReconnectTimeMs: 4000, keepalive: 30, protocol: 'mqtts', port: 8883, host: 'data.iot.us-east-1.amazonaws.com', debug: true, reconnectPeriod: 4000, fastDisconnectDetection: true, key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 6f 77 49 42 41 41 4b 43 41 51 45 41 30 7a ... >, cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 6a 43 43 41 6b 4b 67 41 77 49 42 41 67 49 56 41 4f ... >, ca: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0d 0a 4d 49 49 45 30 7a 43 43 41 37 75 67 41 77 49 42 41 67 49 51 47 ... >, requestCert: true, rejectUnauthorized: true } attempting new mqtt connection... offline connection lost - will attempt reconnection in 4 seconds... close reconnect offline connection lost - will attempt reconnection in 8 seconds... close reconnect offline
{ keyPath: 'OpenBlocks-GBH00046.private.key',
certPath: 'OpenBlocks-GBH00046.cert.pem',
caPath: 'root-CA.crt',
clientId: 'root964',
region: 'ap-northeast-1',
baseReconnectTimeMs: 4000,
keepalive: 30,
protocol: 'mqtts',
port: 8883,
host: 'a2ec78say6r7nc.iot.ap-northeast-1.amazonaws.com',
debug: true,
reconnectPeriod: 4000,
fastDisconnectDetection: true,
key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49,
cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 6,
ca:
requestCert: true,
rejectUnauthorized: true }
attempting new mqtt connection...
error { Error: unable to get local issuer certificate
at Error (native)
at TLSSocket.
at emitNone (events.js:86:13)
at TLSSocket.emit (events.js:185:7)
at TLSSocket._finishInit (_tls_wrap.js:610:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:440:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
offline
connection lost - will attempt reconnection in 4 seconds...
close
I'm running this on a debian 8 linux device, kernel 4.4, node 6.10.3, npm 3.10
This device use a 3G SIM with global ip address so I guess there is no firewall issue here.
Hi @sandangel , Are you using self-signed certificates? If so, did you register your ca with AWS IoT? More information could be found here http://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html
Hi @fengsongAWS , I'm using certificates provided when download SDK and run start.sh with option when run node node_modules/.... appended with --region=ap-northeast-1
@fengsongAWS Sorry my mistake, I haven't register my ca with aws iot. I thought it would automatically register for me when i download the sdk.
I have the same error - and i'm not behind a proxy.
{ clientId: 'xxx', clientCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 6a 43 43 41 6b 4b 67 41 77 49 42 41 67 49 56 41 49 ... >, privateKey: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 41 49 42 41 41 4b 43 41 51 45 41 73 76 ... >, caCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 4d 49 49 45 30 7a 43 43 41 37 75 67 41 77 49 42 41 67 49 51 47 4e 72 ... >, host: 'xxx', region: 'eu-central-1', debug: true, reconnectPeriod: 1000, fastDisconnectDetection: true, protocol: 'mqtts', port: 8883, ca: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 4d 49 49 45 30 7a 43 43 41 37 75 67 41 77 49 42 41 67 49 51 47 4e 72 ... >, key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 41 49 42 41 41 4b 43 41 51 45 41 73 76 ... >, cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 6a 43 43 41 6b 4b 67 41 77 49 42 41 67 49 56 41 49 ... >, requestCert: true, rejectUnauthorized: true }
windows 10, node 8.2.1
@sandangel what do you mean with register caCert ? download? or call specific funtion? upload the symantec certificate into aws iot certificates?
Just experienced the same issue. We found out that we forgot to activate
the certificate from the console...
Worked through this several times and get nothing but cert issues whether running the examples or using a basic test JS. Not really sure where to go from here with this.
Cert is created in the console, policy attached as well as a couple of devices.
Using this:
seems to work without failing, but running the
device-example.js
produces this: