what use ca.pem file?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-05-27 1:46 AM - edited ‎2024-05-27 1:55 AM
I follow X-LINUX-AWS Expansion Package guide.
Now 6.2 MQTT subscribe and publish test
but what use ca.pem file?
I use
Board $> cat /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem
GG_CORE_IP=192.168.7.1
PC cmd)
mosquitto_sub \
-h ${GG_CORE_IP} \
-p 8883 \
--cert device-client-1-certs/device.pem.crt \
--key device-client-1-certs/private.pem.key \
--cafile ca.pem \
-t "+/hello/world" \
-u ClientDevice1 \
-i ClientDevice1
Error: A TLS error occurred.
but error occurred.
thanks, reply.
Solved! Go to Solution.
- Labels:
-
STM32MP13 Lines
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-06-07 8:39 AM
Hello @younghan ,
Thank you for your question.
Can you try with the IP address of the local network (behind router), typically with IP address like 192.168.1.x ?
Otherwise maybe you can try to add some wireshark logs.
To answer the question, "what use ca.pem file?"
/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem
it is the certificate used by the client devices to authenticate the Greegrass core device.
This certificate can be retrieved by an end device using the greengrass discovery method. (https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html)
Best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-06-07 8:39 AM
Hello @younghan ,
Thank you for your question.
Can you try with the IP address of the local network (behind router), typically with IP address like 192.168.1.x ?
Otherwise maybe you can try to add some wireshark logs.
To answer the question, "what use ca.pem file?"
/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem
it is the certificate used by the client devices to authenticate the Greegrass core device.
This certificate can be retrieved by an end device using the greengrass discovery method. (https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html)
Best regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-06-10 3:27 AM
Hello @younghan
I tried with IP address 192.168.7.1 (usb-c network interface) and mosquitto_pub is working correctly.
- Could you make sure that the contents of certificates "/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem" and the one given to moquitto_sub (option --cafile) are the same.
- Could you make sure that on AWS IoT Core > Greengrass > Core devices > Your core Device > Client Devices
- The MQTT Broker endpoint "192.168.7.1" is listed
- The Client Device 1 is listed in "Associated client devices"
- Could you make sure that AWS IoT Core > Manage > Things > Client Device 1
- Has an active certificate (normally this certificate can also been found on the Core device /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/clients/*.pem
Best regards.
