AWS IoT Console / An unexpected error has occurred. Cannot read public key. OID is not RSA.

Question

I have registered certificates to IoT Core and I use these certificates in my device to connect to IoT MQTT endpoint. Today the certificates stopped working, my device connection disconnects due to: "disconnectReason": "CLIENT_ERROR".

If I go to IoT Console to look details for the registered certificate (AWS IoT > Secure > Certificates > cert_id), the web UI for IoT Console hangs with error message:
An unexpected error has occurred. Cannot read public key. OID is not RSA.

Devices with certificates that are created in AWS can connect and the details for those certificated open in IoT Console.

Any idea what is wrong?

Answer

Hi, thanks for bringing this to our attention.

This is an repeatable error when using the new console experience, and has been escalated to be researched and resolved. This has no impact on any use of the ECC certificates. I created and registered an ECC certificate using the CLI and mosquitto on 22-Jan-2022 and all was working correctly then. If you do have connectivity problems, enable logging from the AWS IoT Console->Settings, and then review the logs in CloudWatch Logs.

In the meantime, you can turn off the new console experience from the AWS IoT Console at the bottom of the left menu pane, under the Documentation link.

Answer

Something apparently broke last week as it was working before. It affects ECDSA certificates as it is hinted in the message. A workaround is to switch the "new console experience" off to view the page.

AWS IoT Console / An unexpected error has occurred. Cannot read public key. OID is not RSA.

Conteúdo relevante