software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed

0

I built an MQTT client in Java using Amazon's provided SDK (software.amazon.awssdk.crt.mqtt.MqttClientConnection, and related classes).

I've been testing it by running it on my workstation, and it's been working fine.

Today I tried running the same code on an EC2 instance, and got this exception. I can't figure out why.

java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed
    at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
    at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1928)
    at cgp.aws.IOTSubscriber.<init>(IOTSubscriber.java:105)
    at cgp.Thing.main(Thing.java:23)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)

Frank
Asked 2 years ago, 1415 views
1 Answer
0

Hi Frank. Are you sure you're using the same device cert, same private key, same root CA, same endpoint and same client ID as what you used on your workstation?

AWS
Expert
Greg_B
Answered 2 years ago
  • Yes, I double-checked all of those things. Could it be some sort of a permissions issue where the EC2 user doesn't have permission to open the required TCP ports?

  • TLS negotiation occurs after the TCP connection is established. So if the error can be taken at face value, it strongly suggests a problem with one of the certificates or with the private key. TLS handshake can also fail due to a timeout, but if your EC2 instance and IoT Core are in the same region, this should not be a factor. What timeout are you using?

  • Ten seconds, but the error appears much sooner than that. I'll check the certificates again. Maybe it's a permissions issue on the certificate files.

  • I tried renaming my certificate and key files to see if this would produce a different error, and it did. So that tells me that Java is able to read the files. I also tried editing the files and changing one of the characters in the key or certificate itself, and this again produced a different error. So that tells me it's probably interpreting the key and certificate correctly.

  • I also tried running the Java command as superuser, figuring the issue might be related to permissions, but that didn't help.
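
The distinction drawn in the thread above (TCP connection first, TLS negotiation second) can be checked directly on the failing host. The following is an added example, not code from the thread or from the AWS SDK: a small Java diagnostic that performs the two stages separately and reports which one fails. It assumes the device certificate and private key have been bundled into a PKCS#12 file and that the JVM's default trust store contains the root CA for the endpoint; the class name `TlsStageCheck` and the argument order are hypothetical.

```java
import java.io.FileInputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added diagnostic (not AWS SDK code): reports which stage of the connection fails.
// Usage: java TlsStageCheck <endpoint> <port> <device.p12> <p12-password>
// Assumption: device cert + private key are bundled in a PKCS#12 file, and the JVM's
// default trust store contains the root CA that signed the endpoint's certificate.
public class TlsStageCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        char[] password = args[3].toCharArray();

        // Load the client identity; a failure here is a file or format problem, not a network one.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[2])) {
            identity.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // null = default trust managers and RNG

        // Stage 1: plain TCP. Blocked ports or routing problems surface here.
        Socket tcp = new Socket();
        try {
            tcp.connect(new InetSocketAddress(host, port), 10_000);
        } catch (Exception e) {
            System.out.println("TCP stage failed: " + e);
            return;
        }
        System.out.println("TCP connected to " + tcp.getRemoteSocketAddress());

        // Stage 2: TLS handshake layered on the already-open socket (host is also sent as SNI).
        try (SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(tcp, host, port, true)) {
            tls.setSoTimeout(10_000);
            tls.startHandshake();
            System.out.println("TLS handshake OK: " + tls.getSession().getProtocol()
                    + " / " + tls.getSession().getCipherSuite());
        } catch (Exception e) {
            System.out.println("TLS stage failed: " + e);
        }
    }
}
```

If TLS 1.3 is negotiated, a server's rejection of the client certificate can arrive after `startHandshake()` returns, so a successful handshake here does not by itself prove the certificate was accepted. Running with `-Djavax.net.debug=ssl:handshake` prints the handshake messages for closer inspection.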
