Re: Connecting to AWS with MQTT

Posted: Fri Jan 31, 2020 8:22 pm
by sspaman
Hi Kevin,

No, I have not.

Re: Connecting to AWS with MQTT

Posted: Fri Jan 31, 2020 8:24 pm
by kevinkk525
Might want to try that to be sure the AWS IoT works as expected and doesn't need weird workarounds.

Re: Connecting to AWS with MQTT

Posted: Fri Apr 10, 2020 11:19 am
by VicLuna
Hi

I followed all your instructions and I got an error that nobody talks about:
mbedtls_ssl_handshake error: -10

I post my code and you may find I'm missing something.

.....
certpem=open('/flash/cert').read()
privkey=open('/flash/key').read()
mqtt_server = 'a15azlxdxhvk5o-ats.iot.eu-west-1.amazonaws.com'
......
client = MQTTClient(client_id='esp32vroom', server=mqtt_server, port=8883, keepalive=10000, ssl=True, ssl_params={"key":privkey,"cert":certpem,"server_side":False})

I've checked that policies are ok:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "*"
    }
  ]
}

Could you help me?

Thanks

Re: Connecting to AWS with MQTT

Posted: Fri Apr 10, 2020 3:39 pm
by sspaman
The error looks like it is related to AWS security. Check that your thing is activated on your IoT dashboard and the certs and keys are correct. The code looks like it should work.

Re: Connecting to AWS with MQTT

Posted: Sat Apr 11, 2020 8:43 am
by VicLuna
Hi
Thanks for your prompt reply.

I checked it with 2 different certificates and the result was the same: I got error -10.

But on the other hand, when I used those certificate keys with other applications and environments, they work fine.
1.- Certification is a Windows Python SDK that AWS provides, and I executed .\start.ps1 and it works OK, because I see the message in the test console.
2.- Certification is general and I published and subscribed messages using pentaho-kettle, it's an open source platform.

Just a simple question:
key = ESPDevice-private.pem.key
cert = ESPDevice-certificate.pem.key
Is that correct?

And finally, I'm using firmware:

Firmware built with ESP-IDF v3.x, with support for BLE, LAN and PPP:
GENERIC : esp32-idf3-20200411-v1.12-357-g740946736.bin

Any clue just to try and unblock this situation?

Thanks

Re: Connecting to AWS with MQTT

Posted: Sat Apr 11, 2020 2:02 pm
by VicLuna
I found the error.

I ran the posted code with firmware:
esp32-idf3-20200410-v1.12-357-g740946736.bin
esp32-idf3-20200404-v1.12-331-ge97bb58f0.bin

With both I got the reported error.

However, with the firmware esp32-idf3-20190529-v1.11.bin it works perfectly.

Hope this post helps you.

Re: Connecting to AWS with MQTT

Posted: Fri May 15, 2020 6:53 pm
by Klabauterman
GUYS I FOUND THE SOLUTION!

Here are my learnings:
In case you get the index out of bounds error message, it means your esp has no wifi connection.

If you get an error message like 'invalid key' (v1.12+) or your esp just reboots on the mqtt connect call (v1.11), you are most likely using the pem key and certificate that you downloaded from aws. I have seen this in so many examples, but IT JUST DOES NOT WORK! At least for me.

The solution (as mentioned earlier) is that you need to convert the private key and certificate to a binary DER format like this (command line):

Code:

openssl x509 -in asdf.cert.pem -out asdf.cert.der -outform DER
openssl rsa -in asdf.private.key -out asdf.key.der -outform DER

The rest is the same.
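
The PEM-to-DER step described in the post above, as an added desktop Python example that is not part of the original thread: for an unencrypted PEM file the DER bytes are the base64 payload between the BEGIN/END lines, so this decodes the armor and checks that the result is one well-formed DER SEQUENCE before it is copied to the device. The names `pem_to_der`, `der_length_ok` and `SAMPLE_PEM` are assumptions made for this example, and it performs no key-format conversion.

```python
import binascii

# Constructed sample: PEM armor around the 5-byte DER value
# SEQUENCE { INTEGER 5 }. It is not a real certificate or key.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MAMCAQU=
-----END CERTIFICATE-----
"""

def der_length_ok(der):
    """True if der is one SEQUENCE whose encoded length covers the whole buffer."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        return len(der) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der(pem_text, expected_label):
    """Return the DER bytes of the first PEM block, which must carry expected_label."""
    label, body, closed = None, [], False
    for line in pem_text.split("\n"):
        line = line.strip()
        if label is None:
            if line.startswith("-----BEGIN ") and line.endswith("-----"):
                label = line[11:-5]
        elif line == "-----END " + label + "-----":
            closed = True
            break
        elif ":" in line:
            # "Proc-Type: 4,ENCRYPTED" / "DEK-Info: ..." mark a passphrase-protected key
            raise ValueError("encrypted PEM: decrypt it before converting")
        elif line:
            body.append(line)
    if not closed:
        raise ValueError("no complete PEM block found")
    if label != expected_label:
        raise ValueError("expected %s, found %s" % (expected_label, label))
    der = binascii.a2b_base64("".join(body))
    if not der_length_ok(der):
        raise ValueError("decoded data is not a single DER SEQUENCE")
    return der

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM, "CERTIFICATE")
    print(len(der), "DER bytes, first byte", hex(der[0]))
```

Write the returned bytes to the `.der` file opened in binary mode (`"wb"`).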