1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
0
Hello,
The certificate will need to be attached to the thing, just like the AWS generated certificate was. It will also need to have appropriate IoT Policies attached to it so that the certificate is allowed to call the discovery APIs.
What is the IoT Policy that you attached to the new certificate? Did you associate the certificate with the client device's thing?
Cheers,
Michael
Contenus pertinents
- demandé il y a un an
- demandé il y a 2 mois
- demandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
Hi Michael
Currently the device that i'm testing with has both the original AWS-signed certificate, and the new custom CA-signed cert attached. Both certificates have the same IoT Policy attached to it, that amongst other things contains:
{ "Effect": "Allow", "Action": "greengrass:Discover", "Resource": "*" }
Can you verify that the certificate you are using is correctly registered in AWS IoT by using that certificate to connect to AWS IoT Core using an MQTT client? Mosquitto for example is a command line client which will work to determine this.
If you are able, I would recommend that you open a case with AWS support so that they can investigate your specific account settings.
Thanks for your suggestion :) - i tried the following: mosquitto_pub -h <account_id>-ats.iot.eu-central-1.amazonaws.com -p 8883 -t hello -m hello --cafile AmazonRootCA1.pem --cert device.pem.crt --key private.pem.key -i <client_id>
With both sets of key/certificate it works without issue. I will see if i can open a case.
Please try doing discovery using your IoT Core account-specific endpoint instead of the "shared" greengrass-ats endpoint. Find the correct endpoint in the AWS IoT Console or using the describe-endpoint command with the input
iot:Data-ATS
.