MonkeyBonkey

Reputation: 47921

Certificate configuration parameter problems connecting to AWS IOT

Trying to get my node.js IOT example working, but not sure what configuration I need to set to pass to my thingShadow constructor awsIot.thingShadow(config).

This is the sample config I get from the AWS dashboard:

{
  "host": "foo.iot.us-east-1.amazonaws.com",
  "port": 8883,
  "clientId": "bar",
  "thingName": "bar",
  "caCert": "root-CA.crt",
  "clientCert": "bar-certificate.pem.crt",
  "privateKey": "bar-private.pem.key"
}

However, this is the constructor I set based on the SDK readme:

{
  keyPath: 'bar-private.pem.key',
  certPath: 'bar-certificate.pem.crt',
  caCert: "root-CA.crt",
  clientId: 'bar'
}

I get the error

events.js:141
      throw er; // Unhandled 'error' event
      ^

Error: unable to get local issuer certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1017:38)
    at emitNone (events.js:67:13)
    at TLSSocket.emit (events.js:166:7)
    at TLSSocket._init.ssl.onclienthello.ssl.oncertcb.TLSSocket._finishInit (_tls_wrap.js:582:8)
    at TLSWrap.ssl.onclienthello.ssl.oncertcb.ssl.onnewsession.ssl.onhandshakedone (_tls_wrap.js:424:38)

What is caCert based on - is that a cert that I have in my local path? If so, where do I get it from, the dashboard as a download somewhere? Am I sending the right certificate files for privateKey?

Upvotes: 1

Views: 1188

Answers (1)

MonkeyBonkey

Reputation: 47921

So the issue was the root-CA.crt file. I found mine from the node_modules directory in the aws library and that was not valid.

I needed to get the crt file from https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem

As noted in this doc http://docs.aws.amazon.com/iot/latest/developerguide/iot-device-sdk-node.html

Upvotes: 2
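
An added example, not part of the original post or of the AWS SDK: a preflight check that reads the three files named in the dashboard config and confirms each holds the kind of PEM block its field expects, which addresses the question of whether the right files are being passed for `caCert`, `clientCert` and `privateKey`. The names `pemLabels` and `preflight` are hypothetical and the sample files are constructed placeholders; the check looks only at file kind and cannot tell whether the root CA is the one that issued the endpoint's certificate.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Expected PEM block label for each file field of the dashboard config.
const EXPECTED = {
  caCert: /^CERTIFICATE$/,
  clientCert: /^CERTIFICATE$/,
  privateKey: /^(RSA |EC )?PRIVATE KEY$/,
};

// Return the labels of all well-formed PEM blocks (matching BEGIN/END) in text.
function pemLabels(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([A-Za-z0-9+/=\r\n]+?)-----END \1-----/g;
  return Array.from(text.matchAll(re), (m) => m[1]);
}

// Check every file the config names; returns a list of problems (empty = ok).
function preflight(cfg, baseDir) {
  const problems = [];
  for (const [field, wanted] of Object.entries(EXPECTED)) {
    if (!cfg[field]) { problems.push(`${field}: missing from config`); continue; }
    const file = path.resolve(baseDir, cfg[field]);
    let text;
    try { text = fs.readFileSync(file, 'utf8'); }
    catch (e) { problems.push(`${field}: cannot read ${file} (${e.code})`); continue; }
    const labels = pemLabels(text);
    if (labels.length === 0) problems.push(`${field}: no PEM block in ${file}`);
    else if (!labels.every((l) => wanted.test(l)))
      problems.push(`${field}: found ${labels.join(', ')} in ${file}`);
  }
  return problems;
}

// Constructed sample: temp files whose PEM bodies are placeholders, with the
// privateKey field deliberately pointed at a certificate file.
const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'iot-'));
const pem = (label) => `-----BEGIN ${label}-----\nQ09OU1RSVUNURUQ=\n-----END ${label}-----\n`;
fs.writeFileSync(path.join(dir, 'root-CA.crt'), pem('CERTIFICATE'));
fs.writeFileSync(path.join(dir, 'bar-certificate.pem.crt'), pem('CERTIFICATE'));
const sample = { host: 'foo.iot.us-east-1.amazonaws.com', port: 8883, clientId: 'bar',
  caCert: 'root-CA.crt', clientCert: 'bar-certificate.pem.crt', privateKey: 'bar-certificate.pem.crt' };
console.log(preflight(sample, dir));
```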
