By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

[AWS Greengrass] Core device fails to connect to AWS IoT Core over Charles proxy.

0

I am trying to connect my Core device (Raspberry Pi 3 Model B) over Charles Proxy.

  1. I set up the Charles proxy on my laptop.
  2. I updated the Nucleus configuration by deployment.
{
  "networkProxy": {
    "proxy": {
      "url": "http://192.168.0.38:8888"
    }
  }
  1. Added the Charles Root Certificate to the core device's Amazon root CA certificate file as it is described in Enable the core device to trust an HTTPS proxy.

Actual result: The device cannot connect to AWS IoT Core.

2023-04-04T12:44:19.588Z [INFO] (pool-2-thread-12) com.aws.greengrass.mqttclient.AwsIotMqttClient: Connecting to AWS IoT Core. {clientId=rpi_3_B}
2023-04-04T12:44:22.102Z [ERROR] (Thread-4) com.aws.greengrass.mqttclient.AwsIotMqttClient: Unable to connect to AWS IoT Core. {clientId=rpi_3_B}
software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:140)

2023-04-04T12:44:22.110Z [ERROR] (pool-2-thread-12) com.aws.greengrass.mqttclient.MqttClient: Error when publishing from spooler. {}
java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:395)
        at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1999)
        at com.aws.greengrass.mqttclient.MqttClient.runSpooler(MqttClient.java:659)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: socket is closed.
        at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:140)

Here are the logs received from Charles: Unfortunately, I cannot attach .csv or .chls files.

Any idea why AWS IoT Core is terminating the connection?

Topics
Internet of Things (IoT)Developer Tools
Tags
AWS IoT GreengrassAWS IoT CoreDeveloper Tools
Language
English
Vadzim
asked a year ago534 views
1 Answer
1
Accepted Answer

AWS IoT Greengrass uses TLS mutual authentication to connect to AWS IoT Core: https://docs.aws.amazon.com/greengrass/v2/developerguide/device-auth.html#:~:text=Communication%20between%20core%20devices%20and%20client%20devices%20and%20between%20devices%20and%20AWS%20IoT%20Core%20or%20AWS%20IoT%20Greengrass%20must%20be%20authenticated.%20This%20mutual%20authentication%20is%20based%20on%20registered%20X.509%20device%20certificates%20and%20cryptographic%20keys..

TLS mutual auth prevents introspecting proxies from working by design, for security.

You must use a transparent proxy which does not intercept and modify the TLS connection. Additionally, you have set the proxy for "http" and not "https". Use "https" if the connection to the proxy itself should use TLS.

Cheers,

Michael

AWS
EXPERT
MichaelDombrowski-AWS
answered a year ago
profile picture
EXPERT
Giovanni Lauria
reviewed 20 days ago
  • Vadzim
    a year ago

    I understand. Thank you for such a quick response!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content