[AWS Greengrass] Core device fails to connect to AWS IoT Core over Charles proxy.

0

I am trying to connect my Core device (Raspberry Pi 3 Model B) over Charles Proxy.

  1. I set up the Charles proxy on my laptop.
  2. I updated the Nucleus configuration by deployment.

    {
      "networkProxy": {
        "proxy": {
          "url": "http://192.168.0.38:8888"
        }
      }
    }

  3. Added the Charles Root Certificate to the core device's Amazon root CA certificate file as described in Enable the core device to trust an HTTPS proxy.

Actual result: The device cannot connect to AWS IoT Core.

2023-04-04T12:44:19.588Z [INFO] (pool-2-thread-12) com.aws.greengrass.mqttclient.AwsIotMqttClient: Connecting to AWS IoT Core. {clientId=rpi_3_B}
2023-04-04T12:44:22.102Z [ERROR] (Thread-4) com.aws.greengrass.mqttclient.AwsIotMqttClient: Unable to connect to AWS IoT Core. {clientId=rpi_3_B}
software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:140)

2023-04-04T12:44:22.110Z [ERROR] (pool-2-thread-12) com.aws.greengrass.mqttclient.MqttClient: Error when publishing from spooler. {}
java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
        at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
        at com.aws.greengrass.mqttclient.MqttClient.runSpooler(MqttClient.java:659)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:140)

Here are the logs received from Charles: Unfortunately, I cannot attach .csv or .chls files.

Any idea why AWS IoT Core is terminating the connection?

Vadzim
Asked a year ago, 553 views
1 Answer
1
Accepted Answer

AWS IoT Greengrass uses TLS mutual authentication to connect to AWS IoT Core: https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html#:~:text=Communication%20between%20core%20devices%20and%20client%20devices%20and%20between%20devices%20and%20AWS%20IoT%20Core%20or%20AWS%20IoT%20Greengrass%20must%20be%20authenticated.%20This%20mutual%20authentication%20is%20based%20on%20registered%20X.509%20device%20certificates%20and%20cryptographic%20keys..

TLS mutual auth prevents introspecting proxies from working by design, for security.

You must use a transparent proxy which does not intercept and modify the TLS connection. Additionally, you have set the proxy for "http" and not "https". Use "https" if the connection to the proxy itself should use TLS.

Cheers,

Michael

AWS
Expert
Answered a year ago
Expert
Reviewed a month ago
  • I understand. Thank you for such a quick response!
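
A diagnostic for the situation in the answer above, as an added example that is not part of the original thread or AWS's own code: it opens a CONNECT tunnel through the proxy and verifies the server certificate against an unmodified Amazon root CA, so a proxy that re-signs TLS shows up as `intercepted`. The endpoint, the certificate and key file arguments, port 8883 and all function names are assumptions; the proxy URL is the one from the question.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

def connect_request(host, port):
    """HTTP CONNECT request asking the proxy for a raw TCP tunnel to host:port."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()

def tunnel_established(reply):
    """True if the proxy answered CONNECT with a 2xx status line."""
    parts = reply.split(b"\r\n", 1)[0].split()
    return len(parts) >= 2 and parts[0].startswith(b"HTTP/") and parts[1][:1] == b"2"

def classify(proxy_url, host, port, pristine_ca, device_cert, device_key):
    """Return 'blocked', 'intercepted' or 'passthrough' for one endpoint.

    pristine_ca is an unmodified copy of the Amazon root CA file, i.e. WITHOUT
    the proxy's root certificate appended (all file names are assumptions).
    """
    proxy = urlsplit(proxy_url)  # assumes a plain http:// proxy URL, as in the question
    with socket.create_connection((proxy.hostname, proxy.port or 80), timeout=10) as raw:
        raw.sendall(connect_request(host, port))
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = raw.recv(4096)
            if not chunk:
                break
            reply += chunk
        if not tunnel_established(reply):
            return "blocked"
        # Passing cafile means ONLY that CA is trusted (system store not loaded).
        ctx = ssl.create_default_context(cafile=pristine_ca)
        ctx.load_cert_chain(device_cert, device_key)  # client side of mutual TLS
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "passthrough"  # genuine server chain, end-to-end handshake
        except ssl.SSLCertVerificationError:
            return "intercepted"  # the proxy presented its own re-signed certificate

if __name__ == "__main__":
    # argv: <iot-data-endpoint> <pristine-root-ca.pem> <device-cert.pem> <device-key.pem>
    # 8883 is the MQTT-over-TLS port; change it if the deployment uses another.
    print(classify("http://192.168.0.38:8888", sys.argv[1], 8883, *sys.argv[2:5]))
```

A result of `intercepted` means the proxy is terminating TLS itself, which is the configuration the answer says cannot work with mutual authentication.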
