Local device cannot connect to Greengrass Core

Using the Python version of the SDK, you can connect to the Greengrass core normally through MQTT, but running the Greengrass local auth demo in CSDK cannot connect to the Greengrass core. The logs of the Greengrass core are continuously printed in a loop:

2023-04-20T11:43:38.636Z [INFO] (nioEventLoopGroup-7-23) io.moquette.broker.metrics.MQTTMessageLogger: Channel Inactive. {}

2023-04-20T11:43:41.511Z [INFO] (nioEventLoopGroup-7-24) io.moquette.broker.MoquetteIdleTimeoutHandler: Firing channel inactive event. MqttClientId = null.. {}

The SDK on the device side keeps printing error:

[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:302] SSL_connect failed to perform TLS handshake.

[ERROR] [Transport_OpenSSL_Sockets] [openssl_posix.c:721] Failed to establish a TLS connection.

[ERROR] [DEMO] [greengrass_demo_local_auth.c:370] Connection to the broker failed, all attempts exhausted.

[ERROR] [DEMO] [greengrass_demo_local_auth.c:906] Failed to connect to MQTT broker 10.0.78.18.

How to solve it?

asked a year ago, 253 views
1 Answer
Hello,

As a sanity check, is Client Device Auth component configured with certificateAuthority as mentioned here? More information on configuring custom CAs can be found here.

Are there any ERROR logs in greengrass.log for client device auth component?

AWS
answered a year ago
  • Hi, Joseph Cosentino, I am sure certificateAuthority is no problem. When using the same cloud configuration, there is no problem with the Python SDK and C++ SDK; the device can connect to ggcore normally through MQTT.

  • If you're able to connect with other SDKs, then most likely you did not configure your current client to trust the certificate authority used by the Greengrass broker.

  • Hi, MichaelDombrowski. On the Greengrass core PC, I created customerCA using openssl commands as follows:

        openssl genrsa -out ca.key 2048
        openssl req -x509 -new -nodes -key ca.key -sha256 -days 1826 -out ca.crt

    Do I need to do anything else?

  • OK, so why are you creating your own CA? If this is working for you using the Python and C++ SDKs then you should follow their implementation to use the Greengrass Discovery API in order to get the correct CA to use when connecting to Greengrass. You cannot just make your own CA and do nothing else. If you want to use your own CA then you would need to configure Greengrass to actually use it. I recommend that you do not use your own CA right now, use the one generated by Greengrass.

    Follow these instructions to use your own CA: https://docs.aws.amazon.com/greengrass/v2/developerguide/connecting-to-mqtt.html#use-your-own-CA.
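The trust mismatch discussed in the comments above can be reproduced offline. This is an added example, not code from the thread or from AWS: it builds two throwaway CAs with the same openssl commands quoted in the thread, signs a stand-in broker certificate with only one of them, and checks which CA file validates it. The names `core_ca`, `my_ca` and `broker.example` are constructed placeholders.

```shell
#!/bin/sh
# Constructed, offline reproduction: every key and certificate is generated
# in a temporary directory. core_ca, my_ca and broker.example are placeholders.

# trust_check CAFILE CERT -> succeeds only if CERT chains to CAFILE
trust_check() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# make_ca DIR NAME -> self-signed CA, same commands as quoted in the thread
make_ca() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -key "$1/$2.key" -sha256 -days 1826 \
        -subj "/CN=$2" -out "$1/$2.crt" 2>/dev/null
}

# issue_server_cert DIR CA_NAME -> stand-in broker certificate signed by CA_NAME
issue_server_cert() {
    openssl genrsa -out "$1/broker.key" 2048 2>/dev/null
    openssl req -new -key "$1/broker.key" -subj "/CN=broker.example" \
        -out "$1/broker.csr" 2>/dev/null
    openssl x509 -req -in "$1/broker.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 7 -sha256 -out "$1/broker.crt" 2>/dev/null
}

# demo -> prints "<result with issuing CA> <result with hand-made CA>"
demo() {
    d=$(mktemp -d) || return 2
    make_ca "$d" core_ca            # stands in for the CA the broker cert comes from
    make_ca "$d" my_ca              # unrelated CA created by hand on the side
    issue_server_cert "$d" core_ca  # broker certificate is issued by core_ca only
    if trust_check "$d/core_ca.crt" "$d/broker.crt"; then r1=trusted; else r1=untrusted; fi
    if trust_check "$d/my_ca.crt" "$d/broker.crt"; then r2=trusted; else r2=untrusted; fi
    rm -rf "$d"
    echo "$r1 $r2"
}

demo
```

A client that loads the hand-made CA as its root fails certificate verification in the same way, which is what surfaces on the device as the TLS handshake error. Against a live core, `openssl s_client -connect <core-ip>:<mqtt-port> -CAfile <ca-file>` reports the same result in its "Verify return code" line.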
