1

I am trying to set up AWS IoT using a Python script as mentioned in this link:

I am able to connect on AWS IoT MQTT without WebSocket (used x.509 certificate).

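    from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTShadowClient

    # creates the AWS IoT client and connects with the X.509 certificate
    def createIoT():
        iot = AWSIoTMQTTShadowClient('AWSHome')
        # update this with your own endpoint from the IoT dashboard
        iot.configureEndpoint('allj.iot.reg.amazonaws.com', 443)
        # root CA file, device private key, device certificate
        iot.configureCredentials('rootCA', 'private.key', 'certificate.crt')
        iot.configureConnectDisconnectTimeout(10)  # 10 sec
        iot.configureMQTTOperationTimeout(5)  # 5 sec
        iot.connect()
        return iot  # hand the connected client back to the caller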

But when I try to connect on AWS IoT MQTT with WebSocket, I get the following error:

Using the certificate generated by running this command: wget

    # creates the AWS IoT client, this time with only a root CA file
    def createIoT():
        iot = AWSIoTMQTTShadowClient('AWSHome')
        # update this with your own endpoint from the IoT dashboard
        iot.configureEndpoint('asdasd.reg.amazonaws.com', 443)
        iot.configureCredentials('VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem')
        iot.configureConnectDisconnectTimeout(10)  # 10 sec
        iot.configureMQTTOperationTimeout(5)  # 5 sec
        iot.connect()
        return iot  # hand the connected client back to the caller

Error:

    Traceback (most recent call last):
      File "./awshome.py", line 60, in <module>
        iot = createIoT()
      File "./awshome.py", line 50, in createIoT
        iot.connect()
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/MQTTLib.py", line 1216, in connect
        return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/MQTTLib.py", line 485, in connect
        return self._mqtt_core.connect(keepAliveIntervalSecond)
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 192, in connect
        self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
      File "/home/pi/.local/lib/python2.7/site-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 219, in connect_async
        raise e
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

2 Answers

1

Since May 2018 both the endpoint and the certificates for AWS's IoT Core have changed.

In short you need to:

  1. Change your endpoint to a1am7bjirugllj-ats.iot.us-east-1.amazonaws.com (note the -ats)
  2. Use one of the AWS Root CAs (https://www.amazontrust.com/repository/AmazonRootCA1.pem)

Full details: https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/

thomasmichaelwallace
  • I am using -ats and updated the old certificate with this link that you have mentioned: https://www.amazontrust.com/repository/AmazonRootCA1.pem. Now it's giving this error: `ValueError: Invalid endpoint pattern for wss: xxxxxxxx-ats.iot.us-west-2.amazonaws.com` – Abhinav Juneja Nov 06 '18 at 11:05

0

It can be that you have a self-signed certificate, or something else happens that makes the certificate not valid. The question is what you want to achieve... If the point is to see it working:

    import ssl

    # replaces the default HTTPS context with one that skips certificate verification
    ssl._create_default_https_context = ssl._create_unverified_context

That is a pretty ugly solution; here, and here you have a wider explanation.

Michał Zaborowski
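
A way to diagnose the `CERTIFICATE_VERIFY_FAILED` error with verification left on, as an added example that is not from either answer or from the AWS SDK: it classifies the endpoint as ATS or legacy and attempts a verified TLS handshake against each candidate root CA file, showing which root the endpoint's chain actually validates under. The function names, the hostname regex, port 443 and Python 3.7+ are assumptions of this example; `probe` needs network access.

```python
import re
import socket
import ssl
import sys

# AWS IoT Core data endpoint shape; "-ats" marks the Amazon Trust Services variant.
ENDPOINT_RE = re.compile(
    r"^[a-z0-9]+(?P<ats>-ats)?\.iot\.(?P<region>[a-z0-9-]+)\.amazonaws\.com$")
# Root CA each endpoint type chains to (file names as they appear on this page).
EXPECTED_ROOT = {"ats": "AmazonRootCA1.pem",
                 "legacy": "VeriSign-Class%203-Public-Primary-Certification-Authority-G5.pem"}


def classify_endpoint(host):
    """Return (kind, region), kind being 'ats' or 'legacy'; ValueError otherwise."""
    m = ENDPOINT_RE.match(host.lower())
    if m is None:
        raise ValueError("not an AWS IoT data endpoint: %r" % host)
    return ("ats" if m.group("ats") else "legacy"), m.group("region")


def verified_context(cafile=None):
    """Context that checks chain and hostname; cafile=None means the system store."""
    return ssl.create_default_context(cafile=cafile)


def probe(host, cafile=None, port=443, timeout=5):
    """TLS handshake trusting only the roots in cafile. Returns (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with verified_context(cafile).wrap_socket(sock, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, "issuer: " + issuer.get("organizationName", "?")
    except ssl.SSLCertVerificationError as exc:  # the CERTIFICATE_VERIFY_FAILED case
        return False, exc.verify_message
    except OSError as exc:  # missing CA file, DNS failure, refused connection, other TLS errors
        return False, str(exc)


if __name__ == "__main__" and len(sys.argv) > 2:
    # usage: python probe_iot.py <endpoint> <ca.pem> [<ca.pem> ...]
    endpoint = sys.argv[1]
    kind, region = classify_endpoint(endpoint)
    print("%s endpoint in %s, expected root: %s" % (kind, region, EXPECTED_ROOT[kind]))
    for ca in sys.argv[2:]:
        print(ca, "->", probe(endpoint, ca))
```

A `(False, ...)` result for one CA file and `(True, ...)` for another identifies the root to pass to `configureCredentials`, without touching `ssl._create_unverified_context`.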