Hey @keivanK1 !
Love the script. Works and pulls down the certificates from AWS IoT like a charm. However, I'm running into an issue actually getting these certificates to work/properly authenticate.
I keep getting "Unable to Get Local Issuer Certificate" when I pull down the certificates and use them to connect to AWS IoT. My hunch is that there is something going on with the x509 certificate. Below is the error I get when I run the jobs-agent.js:
```
pi@raspberrypi:~$ node jobs-agent.js -k "private.key" -c "root-CA.crt" -H "xxxxxxxxxxxxxxx.iot.us-east-2.amazonaws.com" -p 8883 -T "xxxxxx"
agent connection error { Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:639:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
```
The code I'm running to generate the certificates is below. For some reason, the certificates derived from the script below refuse to connect. Can you let me know if you see anything that looks wonky? Thanks so much for any insight you could provide!
```python
import boto3

client = boto3.client('iot')

thing_name = "boto3_test_unit"

response = client.create_thing(
    thingName=thing_name
)

response = client.create_keys_and_certificate(
    setAsActive=True
)

pub_key = response['keyPair']['PublicKey']
priv_key = response['keyPair']['PrivateKey']
x509 = response['certificatePem']
cert_id = response['certificateId']
cert_arn = response['certificateArn']

with open('public.key', 'w') as outfile:
    outfile.write(pub_key)

with open('private.key', 'w') as outfile:
    outfile.write(priv_key)

with open('root-CA.crt', 'w') as outfile:
    outfile.write(x509)

response = client.attach_policy(
    policyName='MyIoTPolicy',
    target=cert_arn
)

response = client.attach_thing_principal(
    thingName=thing_name,
    principal=cert_arn
)
```