I'm getting the following error when trying to connect to AWS IoT:

    myAWSIoTMQTTShadowClient.connect()
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1271, in connect
    return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 513, in connect
    return self._mqtt_core.connect(keepAliveIntervalSecond)
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 196, in connect
    self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 223, in connect_async
    raise e
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 211, in connect_async
    rc = self._internal_async_client.connect(keep_alive_sec, ack_callback)
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/internal/clients.py", line 122, in connect
    rc = self._paho_client.connect(host, port, keep_alive_sec)
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 665, in connect
    return self.reconnect()
  File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 826, in reconnect
    ciphers=self._tls_ciphers)
  File "/usr/lib/python3.7/ssl.py", line 1222, in wrap_socket
    suppress_ragged_eofs=suppress_ragged_eofs
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

I have tried several methods I've found on here, including https://timonweb.com/tutorials/fixing-certificate_verify_failed-error-when-trying-requests_html-out-on-mac/

but nothing seems to work. I'm running Raspbian Linux with Python 3.

The command being run:

    python3 Script.py --endpoint "aws endpoint" --rootCA /etc/ssl/certs/AmazonRootCA1.pem --cert /greengrass/certs/RPI-certificate.pem.crt --key /greengrass/certs/RPI-private.pem.key --thingName RaspberryPi --clientId RaspberryPi

Does anyone have any other recommendations?

  • [This question](https://stackoverflow.com/q/51925384/712526) is related; having said that, the answers there did not help me. Maybe it will work for you. – jpaugh Jul 02 '20 at 15:49

1 Answer

I also saw this exact error in my first venture into the Pi IoT SDK today.

In my case I was using the Amazon root CA (RSA 2048) certificate (as directed by Amazon). By switching to the VeriSign Class 3 Public Primary G5 root CA certificate (also advertised on their website) the connection worked.

So, try using the VeriSign Endpoints (legacy) root certificate linked to from the AWS IoT docs at https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html
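
"unable to get local issuer certificate" means the file passed as the root CA does not contain the issuer of the certificate the server presented. The following is an added example, not code from the original posts: it reproduces that failure offline with `openssl` and picks the root file that does verify, using constructed names (`legacy-root`, `new-root`, `iot.example.test`) and hypothetical helper functions.

```shell
#!/usr/bin/env bash
# Added example; every name here (legacy-root, new-root, iot.example.test) is constructed.

# Print openssl's verdict on whether CERT chains to a root in CAFILE;
# the exit status is 0 only when verification succeeds.
verify_with_ca() {
    openssl verify -CAfile "$1" "$2" 2>&1
}

# Print the first candidate root CA file that verifies CERT (args: CERT CA1 CA2 ...).
pick_root_ca() {
    local cert="$1" ca
    shift
    for ca in "$@"; do
        if verify_with_ca "$ca" "$cert" >/dev/null; then
            printf '%s\n' "$ca"
            return 0
        fi
    done
    return 1
}

# Build a throwaway lab in DIR: two self-signed roots, and a server
# certificate issued by legacy-root only.
make_lab() {
    local d="$1" name
    printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
        '[dn]' '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    for name in legacy-root new-root; do
        openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=$name" -keyout "$d/$name.key" -out "$d/$name.pem" 2>/dev/null
    done
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=iot.example.test" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
    openssl x509 -req -in "$d/server.csr" -CA "$d/legacy-root.pem" \
        -CAkey "$d/legacy-root.key" -CAcreateserial -days 1 -out "$d/server.pem" 2>/dev/null
}

lab=$(mktemp -d)
make_lab "$lab"
# Wrong root: the server certificate's issuer is not in this file, so verification fails.
verify_with_ca "$lab/new-root.pem" "$lab/server.pem" || echo "new-root.pem does not verify"
# Right root: the issuer is present, so verification succeeds.
verify_with_ca "$lab/legacy-root.pem" "$lab/server.pem" || echo "legacy-root.pem does not verify"
pick_root_ca "$lab/server.pem" "$lab/new-root.pem" "$lab/legacy-root.pem" || echo "no root matched"
```

Against a real endpoint, `openssl s_client -connect HOST:8883 -CAfile ROOT.pem` reports the verify result for each candidate root file in the same way.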