software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed

0

I built an MQTT client in Java using Amazon's provided SDK (software.amazon.awssdk.crt.mqtt.MqttClientConnection, and related classes).

I've been testing it by running it on my workstation, and it's been working fine.

Today I tried running the same code on an EC2 instance, and got this exception. I can't figure out why.

java.util.concurrent.ExecutionException: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed
    at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:357)
    at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1928)
    at cgp.aws.IOTSubscriber.<init>(IOTSubscriber.java:105)
    at cgp.Thing.main(Thing.java:23)
Caused by: software.amazon.awssdk.crt.mqtt.MqttException: TLS (SSL) negotiation failed
    at software.amazon.awssdk.crt.mqtt.MqttClientConnection.onConnectionComplete(MqttClientConnection.java:139)

Frank
Asked 2 years ago, viewed 1416 times
1 Answer
0

Hi Frank. Are you sure you're using the same device cert, same private key, same root CA, same endpoint and same client ID as what you used on your workstation?

AWS Expert
Greg_B
Answered 2 years ago
  • Yes, I double-checked all of those things. Could it be some sort of a permissions issue where the EC2 user doesn't have permission to open the required TCP ports?

  • TLS negotiation occurs after the TCP connection is established. So if the error can be taken at face value, it strongly suggests a problem with one of the certificates or with the private key. TLS handshake can also fail due to a timeout, but if your EC2 instance and IoT Core are in the same region, this should not be a factor. What timeout are you using?

  • Ten seconds, but the error appears much sooner than that. I'll check the certificates again. Maybe it's a permissions issue on the certificate files.

  • I tried renaming my certificate and key files to see if this would produce a different error, and it did. So that tells me that Java is able to read the files. I also tried editing the files and changing one of the characters in the key or certificate itself, and this again produced a different error. So that tells me it's probably interpreting the key and certificate correctly.

  • I also tried running the Java command as superuser, figuring the issue might be related to permissions, but that didn't help.
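
The distinction drawn in the answer above (TCP connection first, TLS handshake second) can be checked directly from the EC2 instance. The following is an added example, not part of the original thread or the AWS SDK: a Python probe that reports whether a connection attempt fails while loading the certificate files, while opening the TCP connection, or during the TLS handshake. The function names and the local plaintext listener are constructed for illustration.

```python
import socket
import ssl
import threading


def probe(host, port, ca_file=None, cert_file=None, key_file=None, timeout=5.0):
    """Return (stage, detail); stage is "files", "tcp", "tls" or "ok"."""
    try:
        ctx = ssl.create_default_context(cafile=ca_file)
        if cert_file:
            # Fails if a file is missing or unreadable, or the key does not match the cert.
            ctx.load_cert_chain(cert_file, key_file)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("files", str(exc))
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Closed port, firewall or security group, routing or DNS failure.
        return ("tcp", str(exc))
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return ("ok", tls.version())
    except OSError as exc:
        # TCP is up, so the handshake itself failed (certificate, key, CA, timeout).
        return ("tls", str(exc))
    finally:
        raw.close()


def start_plaintext_listener():
    """Constructed peer: accepts one TCP connection and replies with non-TLS bytes."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"not a TLS server\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed local peer; substitute your own endpoint, port and PEM file paths.
    print(probe("127.0.0.1", start_plaintext_listener(), timeout=2))
```

A result of "tcp" points at ports, security groups or routing; "tls" means the TCP connection succeeded and the certificate, private key, root CA or endpoint is the place to look.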
