Abhinav Juneja

Reputation: 95

AWS IoT MQTT using WebSocket : CERTIFICATE_VERIFY_FAILED

I am trying to set up AWS IoT using a Python script as mentioned in this link:

I am able to connect on AWS IoT MQTT without WebSocket (used x.509 certificate).

    from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTShadowClient

    # creates the AWS IoT shadow client and connects it
    def createIoT():
        iot = AWSIoTMQTTShadowClient('AWSHome')
        # update this with your own endpoint from the IOT dashboard
        iot.configureEndpoint('allj.iot.reg.amazonaws.com', 443)
        # root CA, device private key, device certificate (X.509 mutual TLS)
        iot.configureCredentials('rootCA', 'private.key', 'certificate.crt')
        iot.configureConnectDisconnectTimeout(10)  # 10 sec
        iot.configureMQTTOperationTimeout(5)  # 5 sec
        iot.connect()
        return iot

But when I try to connect on AWS IoT MQTT with WebSocket, I get the following error:

Using the certificate generated by running this command: wget

    from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTShadowClient

    # creates the AWS IoT shadow client and connects it
    def createIoT():
        iot = AWSIoTMQTTShadowClient('AWSHome')
        # update this with your own endpoint from the IOT dashboard
        iot.configureEndpoint('asdasd.reg.amazonaws.com', 443)
        # only a root CA file is passed here
        iot.configureCredentials('VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem')
        iot.configureConnectDisconnectTimeout(10)  # 10 sec
        iot.configureMQTTOperationTimeout(5)  # 5 sec
        iot.connect()
        return iot

Error:

    Traceback (most recent call last):
      File "./awshome.py", line 60, in <module>
        iot = createIoT()
      File "./awshome.py", line 50, in createIoT
        iot.connect()
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/MQTTLib.py", line 1216, in connect
        return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/MQTTLib.py", line 485, in connect
        return self._mqtt_core.connect(keepAliveIntervalSecond)
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 192, in connect
        self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 219, in connect_async
        raise e
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

Upvotes: 1

Views: 1111

Answers (2)

thomasmichaelwallace

Reputation: 8464

Since May 2018 both the endpoint and the certificates for AWS's IoT Core have changed.

In short you need to:

  1. Change your endpoint to a1am7bjirugllj-ats.iot.us-east-1.amazonaws.com (note the -ats)
  2. Use one of the AWS Root CAs (https://www.amazontrust.com/repository/AmazonRootCA1.pem)

Full details: https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/

Upvotes: 1
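A pre-flight check for the endpoint/CA pairing this answer describes, added here as an example and not part of the answer or the AWS SDK. It is written for Python 3.7+; the function names and the CA file-name markers are assumptions, and `probe` performs a real TLS handshake that trusts only the given CA file, so it reproduces CERTIFICATE_VERIFY_FAILED outside the SDK with verification left on.

```python
import os
import re
import socket
import ssl

# <prefix>[-ats].iot.<region>.amazonaws.com, the endpoint shape shown in the answer.
ENDPOINT_RE = re.compile(
    r"^[a-z0-9]+(?P<ats>-ats)?\.iot\.[a-z0-9-]+\.amazonaws\.com$")

# Assumed file-name markers for the two root CAs named on this page.
CA_MARKER = {"ats": "AmazonRootCA", "legacy": "VeriSign"}


def endpoint_kind(endpoint):
    """Return 'ats', 'legacy', or None if the name is not an IoT data endpoint."""
    m = ENDPOINT_RE.match(endpoint.strip().lower())
    if m is None:
        return None
    return "ats" if m.group("ats") else "legacy"


def check_pairing(endpoint, ca_path):
    """Return a list of problems; an empty list means endpoint and CA agree."""
    kind = endpoint_kind(endpoint)
    if kind is None:
        return ["not an AWS IoT data endpoint: %s" % endpoint]
    ca_name = os.path.basename(ca_path)
    if CA_MARKER[kind] not in ca_name:
        return ["%s endpoint expects a %s root CA, got %s"
                % (kind, CA_MARKER[kind], ca_name)]
    return []


def probe(endpoint, ca_path, port=443, timeout=10):
    """Handshake with verification on, trusting only ca_path; None means it verified."""
    ctx = ssl.create_default_context(cafile=ca_path)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((endpoint, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=endpoint):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message  # e.g. "unable to get local issuer certificate"
```

Run `check_pairing` before `configureCredentials`, and call `probe` with the same endpoint and CA file when the pairing looks right but the connection still fails.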

Michał Zaborowski

Reputation: 4387

It can be that you have a self-signed certificate, or something else happens that makes the certificate not valid. The question is what you want to achieve... If the point is to see it working:

    import ssl

    # Replaces the default HTTPS context factory with one that skips
    # certificate and hostname verification.
    ssl._create_default_https_context = ssl._create_unverified_context

That is a pretty ugly solution; here and here you have a wider explanation.

Upvotes: 0
