Unable to Get Local Issuer Certificate #1

electric1490 opened this issue Apr 28, 2019 · 1 comment
@electric1490

Hey @keivanK1 !

Love the script. Works and pulls down the certificates from AWS IoT like a charm. However, I'm running into an issue actually getting these certificates to work/properly authenticate.

I keep getting "Unable to Get Local Issuer Certificate" when I pull down the certificates and use them to connect to AWS IoT. My hunch is that there is something going on with the x509 certificate. Below is the error I get when I run the jobs-agent.js:

```
pi@raspberrypi:~$ node jobs-agent.js -k "private.key" -c "root-CA.crt" -H "xxxxxxxxxxxxxxx.iot.us-east-2.amazonaws.com" -p 8883 -T "xxxxxx"

agent connection error { Error: unable to get local issuer certificate
    at TLSSocket.<anonymous> (_tls_wrap.js:1105:38)
    at emitNone (events.js:106:13)
    at TLSSocket.emit (events.js:208:7)
    at TLSSocket._finishInit (_tls_wrap.js:639:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:469:38) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
```

The code I'm running to generate the certificates is below. For some reason, the certificates derived from the script below refuse to connect. Can you let me know if you see anything that looks wonky? Thanks so much for any insight you could provide!

```python
import boto3

client = boto3.client('iot')
thing_name = "boto3_test_unit"

# Register the thing in the AWS IoT registry.
response = client.create_thing(
    thingName=thing_name
)

# Create a key pair and an active device certificate.
response = client.create_keys_and_certificate(
    setAsActive=True
)

pub_key = response['keyPair']['PublicKey']
priv_key = response['keyPair']['PrivateKey']
x509 = response['certificatePem']
cert_id = response['certificateId']
cert_arn = response['certificateArn']

# Write the key pair and the certificate PEM to disk.
with open('public.key', 'w') as outfile:
    outfile.write(pub_key)
with open('private.key', 'w') as outfile:
    outfile.write(priv_key)
# Note: the file named root-CA.crt receives the device certificate (certificatePem).
with open('root-CA.crt', 'w') as outfile:
    outfile.write(x509)

# Attach the IoT policy to the certificate.
response = client.attach_policy(
    policyName='MyIoTPolicy',
    target=cert_arn
)

# Attach the certificate to the thing.
response = client.attach_thing_principal(
    thingName=thing_name,
    principal=cert_arn
)
```

@keivanK1
Owner

Hi @electric1490,
It can happen for several reasons. Please check the following aspects in the AWS console:

  • The privacy which will be assigned to the certificate
  • They should be activated
  • They should be attached to the thing
  • If you copy and paste the certificates' text into ".pem" and ".key" files, consider the "\n" at the end of each file.

Hope you could solve the problem, if so (or not) please let me know.

Regards,
Keivan
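
The checks listed in the reply above, written as a preflight script; this is an added example, not part of the original thread or the project's code. `pem_problems`, `registry_problems` and `SAMPLE_PEM` are hypothetical names with constructed data, and the `iot` argument is assumed to be `boto3.client('iot')`.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.+?)\n-----END \1-----", re.S)

# Constructed sample: arbitrary bytes in PEM framing, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(bytes(range(96))).decode()
              + "-----END CERTIFICATE-----\n")


def pem_problems(text, expected_label):
    """Return framing problems found in the contents of one PEM file."""
    problems = []
    if not text.endswith("\n"):
        problems.append("missing trailing newline")
    match = PEM_RE.fullmatch(text.replace("\r\n", "\n").strip())
    if match is None:
        return problems + ["not a single well-formed PEM block"]
    if match.group(1) != expected_label:
        problems.append(f"label is {match.group(1)!r}, expected {expected_label!r}")
    try:
        base64.b64decode("".join(match.group(2).split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("body is not valid base64")
    return problems


def registry_problems(iot, cert_id, cert_arn, thing_name):
    """Check certificate status, policy and thing attachment via the IoT API.

    Assumption: `iot` is boto3.client('iot') or an object with the same three
    methods; only the first page of each list call is examined.
    """
    problems = []
    desc = iot.describe_certificate(certificateId=cert_id)["certificateDescription"]
    if desc["status"] != "ACTIVE":
        problems.append(f"certificate status is {desc['status']}")
    if not iot.list_attached_policies(target=cert_arn)["policies"]:
        problems.append("no policy attached to the certificate")
    if cert_arn not in iot.list_thing_principals(thingName=thing_name)["principals"]:
        problems.append("certificate is not attached to the thing")
    return problems


if __name__ == "__main__":
    print(pem_problems(SAMPLE_PEM, "CERTIFICATE"))               # intact file
    print(pem_problems(SAMPLE_PEM.rstrip("\n"), "CERTIFICATE"))  # newline lost in copy/paste
```

An empty list from both functions means the four items in the reply check out; each string in a non-empty list names the item that failed.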
