May 27, 2024
Solved

what use ca.pem file?


I am following the X-LINUX-AWS Expansion Package guide.

 

Now 6.2 MQTT subscribe and publish test

but what use ca.pem file?

I use 

Board $> cat /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

GG_CORE_IP=192.168.7.1

PC cmd)

mosquitto_sub \
-h ${GG_CORE_IP} \
-p 8883 \
--cert device-client-1-certs/device.pem.crt \
--key device-client-1-certs/private.pem.key \
--cafile ca.pem \
-t "+/hello/world" \
-u ClientDevice1 \
-i ClientDevice1
Error: A TLS error occurred.

 

but an error occurred.

thanks, reply.

    Best answer by AMARSTM

    AMARSTM (Answer)
    ST Employee
    June 7, 2024

    Hello @younghan ,

    Thank you for your question.
    Can you try with the IP address of the local network (behind router), typically with IP address like 192.168.1.x ?
    Otherwise maybe you can try to add some Wireshark logs.

    To answer the question, "what use ca.pem file?"

     /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

    it is the certificate used by the client devices to authenticate the Greengrass core device.
    This certificate can be retrieved by an end device using the greengrass discovery method. (https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html)

    Best regards.

    ST Employee
    June 10, 2024

    Hello @younghan 

    I tried with IP address 192.168.7.1 (usb-c network interface) and mosquitto_pub is working correctly.

    • Could you make sure that the contents of certificates "/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem" and the one given to mosquitto_sub (option --cafile) are the same.
    • Could you make sure that on AWS IoT Core > Greengrass > Core devices > Your core Device > Client Devices
      • The MQTT Broker endpoint "192.168.7.1" is listed
      • The Client Device 1 is listed in "Associated client devices"
    • Could you make sure that AWS IoT Core > Manage > Things > Client Device 1
      • Has an active certificate (normally this certificate can also be found on the Core device /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/clients/*.pem)

     

    Best regards.
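
The first check in the reply above (the ca.pem on the core device and the file passed to --cafile must be the same certificate) can be done by fingerprint rather than by eye. The following is an added example, not part of the thread and not ST or AWS code: the function names are hypothetical and the PEM bodies are constructed placeholder bytes, not real certificates. It compares the decoded certificate bytes, so a copy pasted from `cat` output with different line endings still matches, while a truncated paste or a different CA is reported.

```python
import base64
import binascii
import hashlib
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 of the DER bytes of each certificate in a PEM file, in order."""
    prints = []
    for body in PEM_CERT.findall(pem_text):
        # Whitespace and CR/LF differences from copy-paste do not change the DER.
        der = base64.b64decode("".join(body.split()), validate=True)
        prints.append(hashlib.sha256(der).hexdigest())
    return prints

def compare_ca_files(core_pem, client_pem):
    """Return 'match', 'mismatch', or 'no-certificate' for two ca.pem texts."""
    try:
        core = cert_fingerprints(core_pem)
        client = cert_fingerprints(client_pem)
    except binascii.Error:
        return "no-certificate"  # base64 body damaged
    if not core or not client:
        return "no-certificate"  # empty file, or the END line was lost
    return "match" if core == client else "mismatch"

def constructed_pem(payload):
    """Wrap placeholder bytes in PEM armor (constructed sample, not real X.509)."""
    body = base64.encodebytes(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

# Constructed inputs standing in for the two copies of ca.pem.
CORE_CA = constructed_pem(b"placeholder bytes for the core device CA " * 4)
PASTED_CA = "  " + CORE_CA.replace("\n", "\r\n")   # same cert, terminal paste
TRUNCATED_CA = CORE_CA.split("-----END")[0]        # paste lost its last line
OTHER_CA = constructed_pem(b"placeholder bytes for some other CA " * 4)

if __name__ == "__main__":
    for name, text in [("pasted", PASTED_CA), ("truncated", TRUNCATED_CA),
                       ("other", OTHER_CA)]:
        print(name, compare_ca_files(CORE_CA, text))
```

With real files, pass the text of the board's ca.pem and of the PC's ca.pem to `compare_ca_files`; a result other than `match` means the client is not trusting the CA that signed the core's broker certificate.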