Unable to authenticate to AWS IoT using private CA


Hello!

I'm having a hard time authenticating to my basic AWS IoT endpoint using certificates generated by my own (Non AWS) CA.

I have registered my subordinate CA by completing the steps outlined in this document https://docs.aws.amazon.com/iot/latest/developerguide/create-CA-verification-cert.html?icmpid=docs_iot_console_secure_ca_reg.

The certificate authority has been set to active in the console.

I am attempting to use the AWS MQTT Mutual Auth demo, and the header file has been modified to use the correct certs and target the correct endpoint.

For context, the demo succeeds when using a certificate generated by AWS and providing the AmazonRootCA1.crt as the CA File.

However, even after manually registering my generated certificate (where the CN matches the name of the device it is attached to) and attaching the same policy used for the AWS-generated cert, I keep getting a TLS handshake failure.

I can get an openssl s_client -connect to succeed by supplying the same certificates I am using in the demo, as outlined here https://docs.aws.amazon.com/iot/latest/developerguide/diagnosing-connectivity-issues.html.

I have tried adding both the intermediate and root CA certs to the device cert to complete the trust chain, but still no luck.

Any input would be greatly appreciated!!

2 answers
Hi mcjesse. What CA cert are you passing to the Mutual Auth demo? It should still be AmazonRootCA1.crt. Just clarifying on that point because people often get confused about it.

Greg_B (AWS Expert), answered 2 years ago
  • I am indeed using the AmazonRootCA1.crt for the CA cert in the demo

  • Can you please share the output from the mutual auth demo?

  • Hey Greg, apologies for the delay. I uploaded a screencap of the output from the demo run with the registered device cert and AWS root cert.
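An added example, not code from the question, from Greg_B's answer, or from the AWS Mutual Auth demo, that makes the two points of this thread concrete: the device must present its leaf certificate followed by the subordinate CA certificate (the chain the question's last paragraph was trying to build), while the CA file the client trusts for the server remains AmazonRootCA1, never the private CA. The script builds a throwaway private root CA and subordinate CA with openssl, issues a device certificate whose CN equals the thing name, assembles the chain file, and verifies it locally before any endpoint test. The CA subjects, file names, the thing name `my-device-001`, the `WORKDIR` and `AWS_IOT_ENDPOINT` variables and the MQTT port 8883 are all assumptions for illustration.

```shell
#!/bin/sh
# Added example (not the post's or AWS's own code): private root CA -> subordinate CA
# -> device cert, chain file for the MQTT client, local chain verification.
# All subjects, file names and the thing name are assumptions.
set -e

WORKDIR="${WORKDIR:-$(mktemp -d)}"
THING_NAME="${THING_NAME:-my-device-001}"   # assumed thing name; must equal the cert CN

# X.509 extensions for each tier of the chain (constructed for this example).
write_ext_config() {
  cat > "$WORKDIR/ext.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[sub_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[device]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
}

make_private_ca_chain() {
  write_ext_config
  # Private root CA, self-signed.
  openssl genrsa -out "$WORKDIR/root.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$WORKDIR/root.key" -days 3650 \
    -subj "/CN=Example Private Root CA" \
    -config "$WORKDIR/ext.cnf" -extensions root_ca -out "$WORKDIR/root.crt"
  # Subordinate CA signed by the root: this is the CA you register with AWS IoT.
  openssl genrsa -out "$WORKDIR/sub.key" 2048 2>/dev/null
  openssl req -new -key "$WORKDIR/sub.key" -subj "/CN=Example Private Sub CA" \
    -config "$WORKDIR/ext.cnf" -out "$WORKDIR/sub.csr"
  openssl x509 -req -in "$WORKDIR/sub.csr" -CA "$WORKDIR/root.crt" -CAkey "$WORKDIR/root.key" \
    -CAcreateserial -days 1825 -extfile "$WORKDIR/ext.cnf" -extensions sub_ca \
    -out "$WORKDIR/sub.crt"
  # Device certificate signed by the subordinate CA, CN = thing name.
  openssl genrsa -out "$WORKDIR/device.key" 2048 2>/dev/null
  openssl req -new -key "$WORKDIR/device.key" -subj "/CN=$THING_NAME" \
    -config "$WORKDIR/ext.cnf" -out "$WORKDIR/device.csr"
  openssl x509 -req -in "$WORKDIR/device.csr" -CA "$WORKDIR/sub.crt" -CAkey "$WORKDIR/sub.key" \
    -CAcreateserial -days 365 -extfile "$WORKDIR/ext.cnf" -extensions device \
    -out "$WORKDIR/device.crt"
  # Chain file the client presents: leaf first, then the subordinate CA.
  # The private root is not included, and it is never the client's CA file.
  cat "$WORKDIR/device.crt" "$WORKDIR/sub.crt" > "$WORKDIR/device-chain.crt"
}

# Local checks before touching the endpoint: the leaf chains to the private root
# through the subordinate CA, and the CN equals the thing name.
verify_device_chain() {
  openssl verify -CAfile "$WORKDIR/root.crt" -untrusted "$WORKDIR/sub.crt" \
    "$WORKDIR/device.crt" >/dev/null &&
  openssl x509 -in "$WORKDIR/device.crt" -noout -subject | grep -q "CN *= *$THING_NAME"
}

# Shows why the intermediate has to travel with the leaf: without it, the leaf
# alone does not verify against the root. Returns 0 when verification fails.
chain_needs_intermediate() {
  ! openssl verify -CAfile "$WORKDIR/root.crt" "$WORKDIR/device.crt" >/dev/null 2>&1
}

# Endpoint test in the spirit of the diagnosing-connectivity guide, with the
# right trust anchor: AmazonRootCA1.pem for the server, your chain + key for the
# client. Only runs when AWS_IOT_ENDPOINT (assumed) and AmazonRootCA1.pem exist.
s_client_check() {
  [ -n "${AWS_IOT_ENDPOINT:-}" ] && [ -f AmazonRootCA1.pem ] || {
    echo "skipping endpoint test; set AWS_IOT_ENDPOINT and place AmazonRootCA1.pem here"
    return 0
  }
  openssl s_client -connect "$AWS_IOT_ENDPOINT:8883" -CAfile AmazonRootCA1.pem \
    -cert "$WORKDIR/device-chain.crt" -key "$WORKDIR/device.key" </dev/null
}

make_private_ca_chain
verify_device_chain && echo "private chain verifies locally; CN=$THING_NAME"
chain_needs_intermediate && echo "leaf alone does not verify: ship device-chain.crt, not device.crt"
s_client_check
```

In the Mutual Auth demo this maps to: CA file = AmazonRootCA1 (server trust), client certificate = the chain file with the leaf first, client key = the device key. The subordinate CA certificate goes to the AWS IoT CA registry, not into the client's CA file.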


[Screenshot of the demo output; image not available in this copy]

mcjesse, answered 2 years ago
