Hello!
I'm having a hard time authenticating to my basic AWS IoT endpoint using certificates generated by my own (Non AWS) CA.
I have registered my subordinate CA by completing the steps outlined in this document https://docs.aws.amazon.com/iot/latest/developerguide/create-CA-verification-cert.html?icmpid=docs_iot_console_secure_ca_reg.
The certificate authority has been set to active in the console.
I am attempting to use the AWS MQTT Mutual Auth demo, and the header file has been modified to use the correct certs and target the correct endpoint.
For context, the demo succeeds when using a certificate generated by AWS and providing the AmazonRootCA1.crt as the CA File.
However, even after manually registering my generated certificate (where the CN matches the name of the device it is attached to) and attaching the same policy used for the AWS generated cert, I keep getting a TLS handshake fail.
I can get a openssl s_client -connect to succeed by supplying the same certificates I am using in the demo as outlined here https://docs.aws.amazon.com/iot/latest/developerguide/diagnosing-connectivity-issues.html.
I have tried adding both the intermediate and root ca certs in the device cert to complete the trust chain but still no luck as well.
Any input would be greatly appreciated!!
AWS OFFICIALUpdated 2 years ago
I am indeed using the AmazaonRootCa1.crt for the CA cert in the demo
Can you please share the output from the mutual auth demo?
Hey Greg, apologies for the delay. I uploaded a screencap of the output from the demo run with the registered device cert and AWS root cert.