MQTT Client unable to connect to AWS IoT MQTT Broker

0

I'm unable to connect my C# code to AWS IoT MQTT Broker, however I'm able to connect using AWS MQTT Client to MQTT broker. I'm using M2MQTT as the MQTT Client in my C# code (https://www.nuget.org/packages/M2Mqtt). Note that .pfx file is created using openSSL using the certificate and private key downloaded from AWS IoT. The certificate is activated and attached to a thing. The rootca.crt is Amazon's root CA.

I keep getting an error at Client.Connect(clientId):

"{uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException: Exception of type 'uPLibrary.Networking.M2Mqtt.Exceptions.MqttCommunicationException' was thrown. at uPLibrary.Networking.M2Mqtt.MqttClient.SendReceive(Byte[] msgBytes, Int32 timeout) at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId, String username, String password, Boolean willRetain, Byte willQosLevel, Boolean willFlag, String willTopic, String willMessage, Boolean cleanSession, UInt16 keepAlivePeriod) at uPLibrary.Networking.M2Mqtt.MqttClient.Connect(String clientId)

Below is my code

using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using uPLibrary.Networking.M2Mqtt;

class Program
{
    private const string IotEndpoint = "xxvf6ihlpxlxf6.iot.us-east-2.amazonaws.com";
    private const int BrokerPort = 8883;
    private const string Topic = "GaneshM2MQTT/#";

    static void Main()
    {
        // device certificate + private key bundled into a .pfx, and Amazon's root CA
        var clientCert = new X509Certificate2("C:\\Program Files (x86)\\GnuWin32\\bin\\XXXX.pfx", "XXX#");
        var caCert = X509Certificate.CreateFromCertFile("C:\\Program Files (x86)\\GnuWin32\\bin\\rootca.crt");

        // create the client: TLS 1.2 on 8883 with mutual (client certificate) authentication
        var client = new MqttClient(IotEndpoint, BrokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);
        // message to publish - could be anything
        var message = "Test message";
        // client naming has to be unique if there is more than one publisher
        string clientId = Guid.NewGuid().ToString();
        client.Connect(clientId);
        // publish to the topic (note: '#' is a subscription wildcard; a publish needs a concrete topic name)
        client.Publish(Topic, Encoding.UTF8.GetBytes(message));
    }
}

I also looked at this link https://stackoverflow.com/questions/47793400/getting-authenticationexception-when-connect-m2mqtt-mqttclient-to-mosquitto-brok/48414980#48414980 and https://stackoverflow.com/questions/43993106/a-call-to-sspi-failed-see-inner-exception-paho-m2mqtt-dot-netc-client-ssl-tl?rq=1 where they fixed the issue by converting .crt to .pfx, but in my case it's the Amazon Root CA, and I'm not sure how I can convert to .pfx without a private key. This looks like an authentication issue but I'm not sure what is wrong.

Struggling with this issue for a while. Any help or implementation is appreciated.

Edited by: smanickam1983 on Jan 24, 2018 7:33 AM

asked 6 years ago, 1820 views
4 answers
0

Guys, any help will be appreciated. However I try using my C# code, I get an exception. Is there an issue with the Topic or the Rules Engine?

Latest update: I tried the below to diagnose the connectivity to AWS IoT and I get the following
OpenSSL> s_client -connect a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com:8443 -CAfile rootca.pem -cert 848511847e-certificate.pem.crt -key 848511847e-private.pem.key
CONNECTED(00000180)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 ECC 256 bit SSL CA - G2
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = *.iot.us-east-2.amazonaws.com
verify return:1

Certificate chain
 0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.us-east-2.amazonaws.com
   i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 ECC 256 bit SSL CA - G2
 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 ECC 256 bit SSL CA - G2
   i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

Server certificate
subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.iot.us-east-2.amazonaws.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 ECC 256 bit SSL CA - G2

No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA_SHA512:RSA_SHA512:ECDSA_SHA384:RSA_SHA384:ECDSA_SHA256:RSA_SHA256:DSA_SHA256:ECDSA_SHA224:RSA_SHA224:DSA_SHA224:ECDSA+SHA1:RSA_SHA1:DSA_SHA1
Shared Requested Signature Algorithms: ECDSA_SHA512:RSA_SHA512:ECDSA_SHA384:RSA_SHA384:ECDSA_SHA256:RSA_SHA256:DSA_SHA256:ECDSA_SHA224:RSA_SHA224:DSA_SHA224:ECDSA_SHA1:RSA_SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 2646 bytes and written 1448 bytes
Verification: OK

New, TLSv1.2, Cipher is ECDHE-ECDSA-AES256-GCM-SHA384
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES256-GCM-SHA384
Session-ID: 5A6966ECD373E7987DCF2239470B3B65BF5F4BBE77264B1FCACB98C39616937C

Session-ID-ctx:
Master-Key: 249B74E8C667B48A9858C9DB7566B4A2147CB479D73DA1049B9525768F425CE15110AE7CBB08EC516A6474F2D083F27E
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1516857067
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

Edited by: smanickam1983 on Jan 24, 2018 8:12 PM

answered 6 years ago
0

Another Update
Microsoft Telnet> open a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com 8883
Connecting To a2vf6ihlpxlxf6.iot.us-east-2.amazonaws.com...

Connection to host lost.

What could be the problem?

answered 6 years ago
0

Just in case you are still looking for an answer:
You MUST make a change in the policy to allow the connection.
The easiest one:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive",
        "iot:Connect"
      ],
      "Resource": "*"
    }
  ]
}

answered 6 years ago
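The policy in the answer above grants all four actions on every resource. As an added example (not from this thread or from AWS), the Python below builds the same four actions scoped to the connecting thing's own client id and topics, and includes a check that flags the "Resource": "*" shortcut; the region, account id and topic prefix are placeholder inputs, and the ARN formats and the ${iot:Connection.Thing.ThingName} policy variable are AWS IoT's documented ones (the variable requires the certificate to be attached to a thing, as the question says it is).

```python
import json

# AWS IoT policy variable: resolves to the name of the thing the certificate is attached to
THING_NAME_VAR = "${iot:Connection.Thing.ThingName}"

def iot_arn(region: str, account: str, resource: str) -> str:
    """AWS IoT resource ARN, e.g. arn:aws:iot:us-east-2:123456789012:client/myThing."""
    return f"arn:aws:iot:{region}:{account}:{resource}"

def scoped_iot_policy(region: str, account: str, topic_prefix: str) -> dict:
    """Same four actions as the quick fix, but each limited to the connecting thing:
    connect only under its own name, publish/receive/subscribe only below
    <topic_prefix>/<thing name>/.  Region and account are placeholders from the caller."""
    thing = THING_NAME_VAR
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # MQTT CONNECT: the client id must equal the attached thing's name
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": iot_arn(region, account, f"client/{thing}"),
            },
            {   # publish and inbound delivery are authorised on topic ARNs
                "Effect": "Allow",
                "Action": ["iot:Publish", "iot:Receive"],
                "Resource": iot_arn(region, account, f"topic/{topic_prefix}/{thing}/*"),
            },
            {   # subscribe is authorised on topicfilter ARNs, not topic ARNs
                "Effect": "Allow",
                "Action": "iot:Subscribe",
                "Resource": iot_arn(region, account, f"topicfilter/{topic_prefix}/{thing}/*"),
            },
        ],
    }

def wildcard_resource_findings(policy: dict) -> list:
    """List every action an Allow statement grants on Resource "*" (empty = nothing over-broad)."""
    findings = []
    for stmt in policy.get("Statement", []):
        resources = stmt.get("Resource", [])
        actions = stmt.get("Action", [])
        resources = [resources] if isinstance(resources, str) else resources
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and "*" in resources:
            findings.extend(actions)
    return findings

if __name__ == "__main__":
    # "GaneshM2MQTT" is the topic prefix from the question; account id is a placeholder
    print(json.dumps(scoped_iot_policy("us-east-2", "123456789012", "GaneshM2MQTT"), indent=2))
```

Running wildcard_resource_findings over the quick-fix policy returns all four actions, which is the signal to review it before it goes to production.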
0

Quick and speedy response. Question asked in Jan 2018 and response in June 2018. Does AWS ever answer a question in a day or two..? Disappointing..

Edited by: smanickam1983 on Nov 18, 2018 4:48 PM

answered 5 years ago
