Debugging an AWS_IO_FILE_VALIDATION_FAILURE when trying to connect to AWS IoT with a custom client certificate.


[The following question has been translated] I tried to run the basic_connect sample code, but when I run it with the following arguments:

basic_connect.exe --client_id "ME" --endpoint "*-ats.iot.eu-west-1.amazonaws.com" --cert "<>/MyCertificate.crt" --key "<>/MyPrivate.key" --verbosity "Debug"

I get the following output:

[DEBUG] [2022-09-29T13:02:54Z] [00001648] [mqtt-client] - client=*: Initalizing MQTT client
[DEBUG] [2022-09-29T13:02:56Z] [00001648] [tls-handler] - static: This library was built with Windows 8.1 or later, probing OS to see what we're actually running on.
[DEBUG] [2022-09-29T13:02:56Z] [00001648] [tls-handler] - static: We're running on Windows 8.1 or later. ALPN is available.
[DEBUG] [2022-09-29T13:02:56Z] [00001648] [tls-handler] - static: This library was built with Windows 8.1 or later, probing OS to see what we're actually running on.
[DEBUG] [2022-09-29T13:02:56Z] [00001648] [tls-handler] - static: We're running on Windows 8.1 or later. ALPN is available.
[DEBUG] [2022-09-29T13:02:56Z] [00001648] [tls-handler] - static: certificate and key have been set, setting them up now.
[INFO] [2022-09-29T13:02:56Z] [00001648] [pki-utils] - static: loading certificate chain with 1 certificates.
[ERROR] [2022-09-29T13:03:04Z] [00001648] [pki-utils] - static: no acceptable private key found, error AWS_IO_FILE_VALIDATION_FAILURE
[ERROR] [2022-09-29T13:03:04Z] [00001648] [tls-handler] - static: failed to import certificate
Expert
Asked 5 months ago, 28 views
1 Answer

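[The following answer has been translated] Hello. Your openssl command generated a PEM key file in PKCS#8 format, whereas when AWS IoT Core generates a key, it returns PKCS#1 format. As a result, your key file has a "BEGIN PRIVATE KEY" header instead of "BEGIN RSA PRIVATE KEY". I'm not familiar with CryptDecodeObjectEx(), but I think the PKCS_RSA_PRIVATE_KEY parameter may require PKCS#1.

So you can generate your own key and certificate by following the documentation here: https://docs.aws.amazon.com/iot/latest/developerguide/create-device-cert.html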

Expert
Answered 5 months ago
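
An added example, not part of the original question or answer: a standard-library check of which format a PEM private key is really in, judged by its ASN.1 structure rather than the header line, plus an unwrap of an unencrypted PKCS#8 RSA key into the PKCS#1 form the answer describes. The function names are hypothetical and the sample key is a constructed toy, not a usable key.

```python
import base64, re
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, pos, pos + n

def pem_decode(pem):
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def pem_encode(label, der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def classify(der):
    """PKCS#1: SEQUENCE{INTEGER, INTEGER, ...}; PKCS#8: SEQUENCE{INTEGER, SEQUENCE, ...}."""
    tag, start, _ = read_tlv(der, 0)
    first, _, first_end = read_tlv(der, start)
    if tag != 0x30 or first != 0x02:
        return "other"  # e.g. an encrypted PKCS#8 blob
    return {0x30: "PKCS#8", 0x02: "PKCS#1"}.get(der[first_end], "other")

def pkcs8_to_pkcs1(pem):
    """Unwrap an unencrypted PKCS#8 RSA key into a 'BEGIN RSA PRIVATE KEY' PEM."""
    _, der = pem_decode(pem)
    if classify(der) != "PKCS#8":
        raise ValueError("not an unencrypted PKCS#8 key")
    _, start, _ = read_tlv(der, 0)
    _, _, ver_end = read_tlv(der, start)
    _, alg_start, alg_end = read_tlv(der, ver_end)
    if not der[alg_start:alg_end].startswith(RSA_OID):
        raise ValueError("PKCS#8 key is not RSA")
    tag, key_start, key_end = read_tlv(der, alg_end)  # OCTET STRING wrapping RSAPrivateKey
    return pem_encode("RSA PRIVATE KEY", der[key_start:key_end])

# Constructed toy sample (p=61, q=53): structurally valid, NOT a usable key.
def tlv(tag, val):  # short-form length only; the toy sample is under 128 bytes
    return bytes([tag, len(val)]) + val
TOY = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
PKCS1_DER = tlv(0x30, b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in TOY))
PKCS8_PEM = pem_encode("PRIVATE KEY", tlv(0x30, tlv(0x02, b"\0") + tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x04, PKCS1_DER)))
```

Because `classify` looks at the DER contents, it also catches a PKCS#8 key whose header was hand-edited to "BEGIN RSA PRIVATE KEY" without converting the body.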
