Local device cannot connect to Greengrass Core

0

Using the Python version of the SDK, you can connect to the Greengrass core normally through MQTT, but running the Greengrass local auth demo in CSDK cannot connect to the Greengrass core. The logs of the Greengrass core are continuously printed in a loop:

2023-04-20T11:43:38.636Z [INFO] (nioEventLoopGroup-7-23) io.moquette.broker.metrics.MQTTMessageLogger: Channel Inactive. {}

2023-04-20T11:43:41.511Z [INFO] (nioEventLoopGroup-7-24) io.moquette.broker.MoquetteIdleTimeoutHandler: Firing channel inactive event. MqttClientId = null.. {}

The SDK on the device side keeps printing error:

[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:302] SSL_connect failed to perform TLS handshake.

[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:721] Failed to establish a TLS connection.

[ERROR] [DEMO] [greengrass_demo_local_auth.c:370] Connection to the broker failed, all attempts exhausted.

[ERROR] [DEMO] [greengrass_demo_local_auth.c:906] Failed to connect to MQTT broker 10.0.78.18.

How to solve it?

Asked 1 year ago, 262 views
1 Answer
0

Hello,

As a sanity check, is Client Device Auth component configured with certificateAuthority as mentioned here? More information on configuring custom CAs can be found here.

Are there any ERROR logs in greengrass.log for client device auth component?

AWS
Answered 1 year ago
  • Hi, Joseph Cosentino, I am sure certificateAuthority is no problem. When using the same cloud configuration, there is no problem with the Python SDK and C++ SDK; the device can connect to ggcore normally through MQTT.

  • If you're able to connect with other SDKs, then most likely you did not configure your current client to trust the certificate authority used by the Greengrass broker.

  • Hi, MichaelDombrowski. On the Greengrass core PC, I created customerCA using the openssl commands as follows:

        openssl genrsa -out ca.key 2048
        openssl req -x509 -new -nodes -key ca.key -sha256 -days 1826 -out ca.crt

    Do I need to do anything else?

  • OK, so why are you creating your own CA? If this is working for you using the Python and C++ SDKs then you should follow their implementation to use the Greengrass Discovery API in order to get the correct CA to use when connecting to Greengrass. You cannot just make your own CA and do nothing else. If you want to use your own CA then you would need to configure Greengrass to actually use it. I recommend that you do not use your own CA right now, use the one generated by Greengrass.

    Follow these instructions to use your own CA: https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html#use-your-own-CA.
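
Added example (not part of the original thread and not AWS code): the trust mismatch discussed in the comments, reproduced offline with throwaway certificates. The file names, subject names and the `broker_ca` stand-in for whatever CA the broker really uses are assumptions made for the demo.

```shell
# Constructed demo: every key and certificate is a throwaway file in a temp dir.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Create a self-signed CA with the same commands as in the comment above,
# plus -subj so it runs non-interactively. $1 = file prefix, $2 = constructed CN.
make_ca() {
  openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$WORK/$1.key" -sha256 -days 1826 \
    -subj "/CN=$2" -out "$WORK/$1.crt" 2>/dev/null
}

# Issue a broker server certificate signed by CA $1 (hypothetical CN).
make_broker_cert() {
  openssl genrsa -out "$WORK/broker.key" 2048 2>/dev/null
  openssl req -new -key "$WORK/broker.key" -subj "/CN=broker.example" \
    -out "$WORK/broker.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/broker.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 -sha256 \
    -out "$WORK/broker.crt" 2>/dev/null
}

# Succeeds only if the broker certificate chains to CA $1. The ": OK" line is
# checked instead of the exit status, which old OpenSSL releases did not set.
broker_trusted_by() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/broker.crt" 2>/dev/null \
    | grep -q ': OK$'
}

make_ca broker_ca "Constructed broker CA"   # stand-in for the CA the broker uses
make_ca my_ca "Constructed homemade CA"     # made by hand, never configured on the broker
make_broker_cert broker_ca

for ca in broker_ca my_ca; do
  if broker_trusted_by "$ca"; then
    echo "$ca: broker certificate verifies"
  else
    echo "$ca: verification fails, so a client trusting only this CA aborts the TLS handshake"
  fi
done
```

Against a running broker, `openssl s_client -connect <broker-ip>:<port> -CAfile <ca-file>` performs the same check on the certificate the broker actually presents and prints the verify return code.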
