Problem connecting to AWS IoT using M2Mqtt


I am having issues connecting to AWS IoT using the following code:

            try
            {
                // Trusted CA that signs the broker's server certificate (AmazonRootCA1.pem).
                X509Certificate caCert = X509Certificate.CreateFromCertFile(AWSRootCertPath.Text);
                // Device certificate. CreateFromCertFile reads the X.509 certificate only;
                // it does not load a private key from a separate .key file.
                X509Certificate clientCert = X509Certificate.CreateFromCertFile(thingCertPath.Text);

                // secure = true, CA cert, client cert, TLS 1.2 on the broker port (8883 for AWS IoT).
                var client = new MqttClient(awsEndpoint.Text, brokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);
                client.Connect(clientId.Text);
            }
            catch (Exception exception)
            {
                Debug.WriteLine(exception);
            }

I get the exception:

uPLibrary.Networking.M2Mqtt.Exceptions.MqttConnectionException: Exception connecting to the broker ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.

I suspect that it is the wrong cert file for the thing. My caCert file is the AmazonRootCA1.pem file. I have tried all three files that can be downloaded when the thing is created:

  • [bunch of number removed]-certificate.pem.crt
  • [bunch of number removed]-public.pem.key
  • [bunch of number removed]-private.pem.key

I know that there are ways to use the key files that AWS provides (listed above). We have used them in the past on IoT gateway hardware using Node-RED. This project has to be C#, though.

Any help would be appreciated.

  • Can you confirm you are using the XXXXXX-ats.iot.REGION.amazonaws.com endpoint? Also, is your certificate activated in IoT Core and does it have an IoT policy allowing the iot:Connect action?

  • Good thoughts.

    Yes, I have the correct endpoint and it is being used by my connect command.

    The certificate attached to that thing is active.

    The policy allows publish and subscribe to any topic.

flycast
asked 2 years ago, 813 views
2 Answers

Hi,

Thanks for reaching out. Can you kindly send a link to the documentation that you are following to connect to AWS IoT using M2Mqtt? I've tried checking it on GitHub but I cannot seem to find a similar constructor to the one in the above code. Please note that I am not familiar with M2Mqtt.

Based on the code below, the private key file seems to be missing when trying to connect to AWS IoT:

var client = new MqttClient(awsEndpoint.Text, brokerPort, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);

In terms of certificates, you would normally need to specify the following:

  1. The CA file, which is the path to the trusted CA certificate. This is AmazonRootCA1.pem
  2. The cert file, which is the client certificate. This is [bunch of number removed]-certificate.pem.crt when creating the device via the AWS IoT console
  3. The key file, which is the client private key. This is [bunch of number removed]-private.pem.key when creating the device via the AWS IoT console

Here is an example when using mosquitto_pub:

$ mosquitto_pub -t 'topic_1' -m "Hello from Mosquitto" --id "basicPubSub" --cert [bunch of number removed]-certificate.pem.crt --key [bunch of number removed]-private.pem.key --cafile AmazonRootCA1.pem -h [ATS_ENDPOINT] -p 8883 

You can use the above command with mosquitto_pub to confirm that your certificates can connect to IoT. You can use the IoT console to subscribe to topic_1 and then run the above snippet. Please note that the policy should allow publishing to topic_1 and allow the client ID "basicPubSub".

Here is another sample publish example (in Python) from our documentation: https://docs.aws.amazon.com/iot/latest/developerguide/sdk-tutorials.html#sdk-tutorials-experiment. Again, we can see that the above 3 files are required.

Please review the M2Mqtt documentation and check why only 2 files are provided in the arguments, specifically caCert and clientCert.

AWS
SUPPORT ENGINEER
Ryan_A
answered 2 years ago

Hi,

here is a working sample to connect to AWS IoT using the C# M2MQTT library:

https://github.com/aws-samples/iot-dotnet-publisher-consumer

The main difference compared to your code is that the client credentials (certificate and private key) must be bundled in a PFX file.

Check also that you are NOT using the .NET Micro Framework, since it only supports TLSv1.

AWS
EXPERT
answered 2 years ago
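As an added example (not code from the question, from either AWS answer, or from the aws-samples repository linked above), the following C# shows what both answers point at: the device certificate and its private key are bundled into a PFX, loaded as a single X509Certificate2, and checked for a private key before the same M2Mqtt constructor the question uses is called. The file names, PFX password, endpoint host and client ID are placeholders I assumed; the MqttClient constructor, the Connect return code and the Publish signature are M2Mqtt's own.

```csharp
// Added example: mutual-TLS connection to AWS IoT Core with M2Mqtt.
// Assumed/hypothetical inputs: thing.pfx was produced from the console-downloaded files with
//   openssl pkcs12 -export -in device-certificate.pem.crt \
//       -inkey device-private.pem.key -out thing.pfx -name aws-iot-thing
// and ENDPOINT is the account's xxxxxx-ats.iot.REGION.amazonaws.com host.
using System;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using uPLibrary.Networking.M2Mqtt;
using uPLibrary.Networking.M2Mqtt.Messages;

public static class AwsIotM2MqttSample
{
    public static void Main()
    {
        const string endpoint = "xxxxxxxxxxxxxx-ats.iot.us-east-1.amazonaws.com"; // hypothetical
        const int port = 8883;                  // AWS IoT MQTT-over-TLS port
        const string clientId = "basicPubSub";  // must be allowed by the thing's IoT policy

        // Trust anchor used to validate the broker's server certificate.
        var caCert = new X509Certificate2("AmazonRootCA1.pem");

        // Client identity: certificate AND private key, read from the PFX bundle.
        // MachineKeySet keeps the key usable when the process has no loaded user profile
        // (e.g. a Windows service); Exportable lets SslStream use it for client auth.
        var clientCert = new X509Certificate2(
            "thing.pfx",
            "pfx-password",   // hypothetical; the -passout value given to openssl
            X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable);

        // This check is the diagnostic for the error in the question: a certificate loaded
        // from a .pem.crt carries no private key, so SslStream cannot complete TLS client
        // authentication and the broker closes the transport stream mid-handshake.
        if (!clientCert.HasPrivateKey)
            throw new InvalidOperationException(
                "Client certificate has no private key; bundle cert + key into a PFX with openssl pkcs12.");

        // Same constructor as in the question; only the clientCert object differs.
        var client = new MqttClient(endpoint, port, true, caCert, clientCert, MqttSslProtocols.TLSv1_2);

        byte rc = client.Connect(clientId);
        if (rc != MqttMsgConnack.CONN_ACCEPTED)
            throw new InvalidOperationException("CONNECT refused, return code " + rc);

        // Publish at QoS 1 to the topic used in the mosquitto_pub example above.
        client.Publish("topic_1", Encoding.UTF8.GetBytes("Hello from M2Mqtt"),
                       MqttMsgBase.QOS_LEVEL_AT_LEAST_ONCE, false);
        client.Disconnect();
    }
}
```

If the HasPrivateKey check passes and the connection is still closed during the handshake, the remaining suspects are the ones raised in the comments on the question: an inactive certificate, a policy that does not grant iot:Connect for this client ID, or an endpoint that is not the -ats one.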
