UNABLE_TO_GET_ISSUER_CERT_LOCALLY :(

[AnisBH]

Hi ibm team :) ,

Please could you help me with this problem ! I'm follow this tutorial to connect my Raspberry with ibm IoT secured with TLS. The problem ==> "UNABLE_TO_GET_ISSUER_CERT_LOCALLY" :( .

please what is exactly the problem ??

Best regards ,

[Lokesh-K-Haralakatta]

Hi, Have you specified the paths of certificates in samples/device.json file? If not, specify the proper paths of the certificates as explained in the recipe. If already specified, then make sure the specified paths are correct and containing the required certificates at the path.

Thx, Loki...

[AnisBH]

Hi loki ,

Thanks for your reply :),

I repeated this tutorial for 4 or 5 times, and it's still the same problem. I have verified the path and it's still the same error.

Picture 1 ==> The path of all certs & the configuration of device.json.

Picture 2 ==> Configuration on IBM

Picture 3 ==> the same error :'( .

best regards ,

[Lokesh-K-Haralakatta]

Hi, Today, there was downtime for the platform. Even we are also facing some connection issues during the day. That may also be the reason. Looking at your attached snaps, looks like you have followed the steps correctly. Can you please try once again after some time and let us know, whether it works or not due to down time of the platform? If not, give a try by specifying the use-client-certs = false to just to check whether the connectivity without the certificates is working fine or not. To do this, set security policy as TLS Optional on the platform.

Thx, Loki...

[AnisBH]

hi Lokesh ,

i'm trying from yesterday ! and it's not working. I have followed all steps exactly like the tutorial with my colleague for many times and i think thar the problem with certifications .

YES , without certif , it work 1- i have change the policy to "TlS optional" 2 - Change the device.json with this new conf : { "org": "qvz0qq", "domain": "internetofthings.ibmcloud.com", "type": "rpi3", "id": "3", "auth-method": "token", "auth-token": "SO20-JMjBNS!A7pE&W", "use-client-certs":false, "client-ca": "/home/pi/Desktop/CertIBM/rootCA.pem", "client-cert": "/home/pi/Desktop/CertIBM/client.pem", "client-key": "/home/pi/Desktop/CertIBM/client.key" }

The result =>

with certif dosn't work !

best regards , :)

[Lokesh-K-Haralakatta]

Hi, One more question - when did you create your organization? it's newly created for this exercise or old one, you are re-using for this exercise? If it's old one, can you give a try by creating fresh organization? In either case, if it still does not work, can you please add me - lokesh.h.k@in.ibm.com to your organization as admin, so that I can give a try from my side?

[AnisBH]

Hi ; Lokesh wecome of all yours questions :) the most important it works.

This test of creating certifications , create terminal type ..etc , today i have do it for 3 times ,, test and test again :'(

I have added you as Administrator , please check it on your side . Thanks a lot Lokesh :) ,

[Lokesh-K-Haralakatta]

Hi, No need to create the certificates repeatedly, once you have created properly following the steps, you can re-use the same certificates with different devices and organizations.

I"m asking about the Internet Of Things Service that you have added in your bluemix account. When did you add that service which is having org-id as qvz0qq into your bluemix account?

[AnisBH]

hi Lokesh ,

Thanks for all your help ^^,

I have created this service yesterday . please , it's work on your side ?? what's the probleme??

[Lokesh-K-Haralakatta]

Hi, Looks something strange with the organization. I have tried creating a another device according to my certificates and tried, I"m seeing different error of - Connection refused: Not authorized I have requested platform development team to have a look at the organization. Will keep you posted as we figure out the issue.

Thx, Loki..

[AnisBH]

Hi Lokesh ,

I created a new ibm a account, new service, i tried several tests on rpi ==> same problem. I switched to Ubuntu 16.04 => same problem.

Please Lokesh, could you verify with development team what exactly the problem because in few days I have to switch to paid account.

Thx for your help :) , Anis

[Lokesh-K-Haralakatta]

Hi, With your new organization, can you add one more parameter to device.json file:

"mqtt-server": "ORGID.messaging.internetofthings.ibmcloud.com"

Replace ORGID with your new organization id and give a try, then let us the results.

[Lokesh-K-Haralakatta]

Hi, Infact, I'm able to connect to your old organization - qvz0qq using my certificates with the above mentioned work around.

node ./deviceSample.js [BaseClient:connect] Connecting to IoTF with host : ssl://qvz0qq.messaging.internetofthings.ibmcloud.com:8883 [DeviceClient:connect] DeviceClient Connected using Client Side Certificates connected [DeviceClient:publish] Publishing to topic iot-2/evt/myevt/fmt/json with payload {"value":1} with QoS 2 [DeviceClient:publish] Publishing to topic iot-2/evt/myevt/fmt/json with payload {"value":2} with QoS 2

Here is the contents of device.json for your reference:

{ "org": "qvz0qq", "domain": "internetofthings.ibmcloud.com", "mqtt-server": "qvz0qq.messaging.internetofthings.ibmcloud.com", "type": "elevator", "id": "android", "auth-method": "token", "auth-token": "password", "use-client-certs": true, "client-ca": "/Users/lharalak/Documents/IoT/certificates/rootCA.pem", "client-cert": "/Users/lharalak/Documents/IoT/certificates/client.pem", "client-key": "/Users/lharalak/Documents/IoT/certificates/client.key" }

While creating client.csr, the CN should be of the form: d:elevator:android for the above given configuration details.

Regd the extra parameter, mqtt-server, I have delivered the fix, you can get that from my forked repo - https://github.com/Lokesh-K-Haralakatta/iot-nodejs.git if you don't want to use the work around, till it gets into main repo.

Give a try, should work!

[AnisBH]

Hi Lokesh, Thanks Lokesh, I appreciate your help :). I'm working with my colleague on this task, with him it's working correctly with your new modification but with me doesn't work. (I Don't know the problem)

Sorry to reply later because I was testing with him.

I'm sharing two screen shoot after using the new modification of mqtt-server .... Picture 1 => the same error on my Ubuntu 16.04

Picture 2 => it's working with my colleague.

Please lokesh , do you have an explanation about this !?

Thanks Lokesh, Anis

[Lokesh-K-Haralakatta]

Hi, I'm able to connect to your organization without any issues. I'm on MAC OS. Looking at some of the threads about the same issue on internet, if you are using proxy or firewall, then you need to add your CA to include your company's certificate chain like this: npm config set cafile="your_CA_file_here.pem"

Otherwise, I would suggest you to try executing this command: npm config set strict-ssl false

Then give a try executing deviceSample.js program.

[AnisBH]

hi ,

:/

VM ubuntu 16.04 :

Raspberry pi 3 :

maybe the probleme with my VM ubuntu ! but with raspbien also doesn't work !

Thx, :)

[AnisBH]

Hii Lokesh ,

Finally it works :D .

The problem was from the version of node js ,, on ubuntu it was v 4.2.6 and on raspbian the version is 4.8.0 ,, when i updated to 6.10.0 it works :)

Thxxxx Lokesh :)

Anis

[Lokesh-K-Haralakatta]

Good to know that!!!