I want a custom domain for my mqtt endpoint like mqtt.abc.example.org.
I followed this guide: https://aws.amazon.com/it/blogs/iot/migrating-devices-aws-iot-custom-domains/
Everything seems to be correct compared with the screenshots in the guide, but when I run
mosquitto_pub --cert test-2022b.pem --key test-2022b.key -h mqtt.abc.example.org -p 8883 -d -t 'test/pippo' -i pub -m "Ciao mondo" --tls-version tlsv1.2 --cafile AmazonRootCA1.pem
I got:
Client pub sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Success
I also tried with this Python script:
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient
myMQTTClient = AWSIoTMQTTClient("myClientID")
myMQTTClient.configureEndpoint("mqtt.abc.example.org", 8883)
myMQTTClient.configureCredentials("AmazonRootCA1.pem", "test-2022b.key", "test-2022b.pem")
myMQTTClient.connect()
Result: ssl.SSLCertVerificationError: ("hostname 'mqtt.abc.example.org' doesn't match either of 'iot.eu-west-3.amazonaws.com', '*.iot.eu-west-3.amazonaws.com'",)
If I use xxxxxxxxx-ats.iot.eu-west-3.amazonaws.com it works.
On the server side I use a certificate issued by AWS.
I get different results. On a Windows machine I always get
Verify return code: 20 (unable to get local issuer certificate)
On the Linux machines, one works and the other gives me the same error as the Windows machine.
If I add --CAfile AmazonRootCA1.pem to openssl, it works on every machine.
What is the output when it works? In particular, what CN is returned?
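Added example, not written by anyone in this thread: a small Python diagnostic that checks a hostname against the SAN list quoted in the SSLCertVerificationError above, and can read the CN and SANs a live endpoint presents when SNI is set to the custom domain. The function names are hypothetical; `presented_names` is assumed to be run with network access and the CA, certificate and key files named in the question.

```python
import socket
import ssl


def san_matches(hostname, pattern):
    """RFC 6125-style match: '*' may only be the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # A wildcard covers exactly one label and never a bare suffix like *.com
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def matching_sans(hostname, sans):
    """Return the SAN entries that would satisfy hostname verification."""
    return [s for s in sans if san_matches(hostname, s)]


def presented_names(endpoint, port, cafile, certfile, keyfile):
    """Connect with SNI = endpoint; return (subject CN, DNS SANs) of the server cert.

    The chain is still validated against cafile; only the hostname check is
    switched off so the names can be read even when they do not match.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False
    ctx.load_cert_chain(certfile, keyfile)
    with socket.create_connection((endpoint, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=endpoint) as tls:
            cert = tls.getpeercert()
    cn = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return (cn[0] if cn else None), sans


# SAN list copied from the SSLCertVerificationError quoted in the question.
SANS_FROM_ERROR = ["iot.eu-west-3.amazonaws.com", "*.iot.eu-west-3.amazonaws.com"]

if __name__ == "__main__":
    for name in ("mqtt.abc.example.org", "xxxxxxxxx-ats.iot.eu-west-3.amazonaws.com"):
        print(name, "->", matching_sans(name, SANS_FROM_ERROR) or "no SAN matches")
```

Calling `presented_names("mqtt.abc.example.org", 8883, "AmazonRootCA1.pem", "test-2022b.pem", "test-2022b.key")` and passing the returned SANs to `matching_sans` shows whether the endpoint is serving a certificate issued for the custom domain.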