Associate II
May 27, 2024
Solved

What is the ca.pem file used for?


I am following the X-LINUX-AWS Expansion Package guide.

I am now at 6.2, MQTT subscribe and publish test,

but what is the ca.pem file used for?

I use:

Board $> cat /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

GG_CORE_IP=192.168.7.1

PC cmd)

mosquitto_sub \
-h ${GG_CORE_IP} \
-p 8883 \
--cert device-client-1-certs/device.pem.crt \
--key device-client-1-certs/private.pem.key \
--cafile ca.pem \
-t "+/hello/world" \
-u ClientDevice1 \
-i ClientDevice1
Error: A TLS error occurred.

 

But an error occurred.

Thanks for your reply.

2 replies

AMARSTM (Best answer)
ST Employee
June 7, 2024

Hello @younghan ,

Thank you for your question.
Can you try with the IP address of the local network (behind the router), typically an IP address like 192.168.1.x?
Otherwise maybe you can try to add some Wireshark logs.

To answer the question, "what use ca.pem file?"

 /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

It is the certificate used by the client devices to authenticate the Greengrass core device.
This certificate can be retrieved by an end device using the Greengrass discovery method. (https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html)

Best regards.

AMARSTM
ST Employee
June 10, 2024

Hello @younghan 

I tried with IP address 192.168.7.1 (usb-c network interface) and mosquitto_pub is working correctly.

  • Could you make sure that the contents of the certificate "/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem" and the one given to mosquitto_sub (option --cafile) are the same.
  • Could you make sure that on AWS IoT Core > Greengrass > Core devices > Your core Device > Client Devices
    • The MQTT Broker endpoint "192.168.7.1" is listed
    • The Client Device 1 is listed in "Associated client devices"
  • Could you make sure that AWS IoT Core > Manage > Things > Client Device 1
    • Has an active certificate (normally this certificate can also be found on the Core device at /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/clients/*.pem)

 

Best regards.
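
The checks suggested in the replies above can be scripted with the openssl CLI. This is an added example, not part of the original thread: it compares two ca.pem copies by fingerprint, verifies that a broker certificate chains to the CA, and checks that the certificate names the IP address the client connects to. The function names are hypothetical, and the CAs and broker certificate are throwaway files constructed for the demonstration.

```shell
#!/bin/sh
# Added example: function names are hypothetical; requires the openssl CLI.

# SHA-256 fingerprint of the certificate in a PEM file (independent of line endings).
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# True when both PEM files hold the same certificate.
same_cert() { [ -n "$(cert_fp "$1")" ] && [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; }

# True when the certificate in $2 chains to the CA in $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# True when the certificate in $1 lists IP address $2 in its subjectAltName.
names_ip() { openssl x509 -in "$1" -noout -checkip "$2" 2>&1 | grep -q 'does match'; }

# --- Constructed test data: throwaway CAs and a broker certificate ---
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$d/$1.key" -out "$d/$1.pem" 2>/dev/null
}
new_ca core-ca     # stands in for the ca.pem on the core device
new_ca other-ca    # stands in for a stale or wrong ca.pem on the PC

# Copy of core-ca.pem with CRLF line endings, as after a transfer through Windows.
awk '{ printf "%s\r\n", $0 }' "$d/core-ca.pem" > "$d/pc-ca.pem"

# Broker certificate issued by core-ca, valid for 192.168.7.1 only.
printf 'subjectAltName=IP:192.168.7.1\n' > "$d/san.ext"
openssl req -newkey rsa:2048 -nodes -subj "/CN=broker" \
  -keyout "$d/broker.key" -out "$d/broker.csr" 2>/dev/null
openssl x509 -req -in "$d/broker.csr" -CA "$d/core-ca.pem" -CAkey "$d/core-ca.key" \
  -CAcreateserial -extfile "$d/san.ext" -days 1 -out "$d/broker.pem" 2>/dev/null

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }
report same_cert "$d/core-ca.pem" "$d/pc-ca.pem"      # same CA, different line endings
report same_cert "$d/core-ca.pem" "$d/other-ca.pem"   # different CA: FAIL expected
report chain_ok  "$d/core-ca.pem" "$d/broker.pem"     # broker chains to the right CA
report chain_ok  "$d/other-ca.pem" "$d/broker.pem"    # wrong CA file: FAIL expected
report names_ip  "$d/broker.pem" 192.168.7.1          # address the client connects to
report names_ip  "$d/broker.pem" 192.168.1.10         # address not in the cert: FAIL expected
```

To use the functions on a real setup, pass the ca.pem read from the core device and the file given to --cafile to same_cert in place of the constructed files.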