
what use ca.pem file?

younghan
Associate III

I am following the X-LINUX-AWS Expansion Package guide.

I am now at 6.2 MQTT subscribe and publish test

but what use ca.pem file?

I use 

Board $> cat /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

GG_CORE_IP=192.168.7.1

PC cmd)

mosquitto_sub \
-h ${GG_CORE_IP} \
-p 8883 \
--cert device-client-1-certs/device.pem.crt \
--key device-client-1-certs/private.pem.key \
--cafile ca.pem \
-t "+/hello/world" \
-u ClientDevice1 \
-i ClientDevice1
Error: A TLS error occurred.

 

but error occurred.

thanks, reply.

Accepted Solutions
AMARSTM
ST Employee

Hello @younghan ,

Thank you for your question.
Can you try with the IP address of the local network (behind router), typically with an IP address like 192.168.1.x?
Otherwise, maybe you can try to add some Wireshark logs.

To answer the question, "what use ca.pem file?"

 /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem

It is the certificate used by the client devices to authenticate the Greengrass core device.
This certificate can be retrieved by an end device using the Greengrass discovery method. (https://docs.aws.amazon.com/greengrass/v2/developerguide/greengrass-discover-api.html)

Best regards.

AMARSTM
ST Employee

Hello @younghan 

I tried with IP address 192.168.7.1 (usb-c network interface) and mosquitto_pub is working correctly.

  • Could you make sure that the contents of the certificate "/opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem" and the one given to mosquitto_sub (option --cafile) are the same.
  • Could you make sure that on AWS IoT Core > Greengrass > Core devices > Your core Device > Client Devices
    • The MQTT Broker endpoint "192.168.7.1" is listed
    • The Client Device 1 is listed in "Associated client devices"
  • Could you make sure that AWS IoT Core > Manage > Things > Client Device 1
    • Has an active certificate (normally this certificate can also be found on the Core device in /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/clients/*.pem)

 

Best regards.
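
Added example (not part of the thread, and not ST or AWS code): one way to carry out the first check in the reply above, confirming that the board's ca.pem and the file passed to --cafile hold the same certificate. It hashes the decoded certificate bytes, so CRLF line endings or stray spaces from a copy/paste do not count as a difference; the function names and sample file names are hypothetical, and the sample PEM body is constructed, not a real certificate.

```shell
#!/bin/sh
# Added example, not from the thread: check that two copies of a CA PEM hold
# the same certificate by hashing the decoded DER bytes, so CRLF line endings
# or stray spaces from copy/paste do not cause a false mismatch.

# pem_fingerprint FILE: print SHA-256 of the first certificate's DER bytes.
# Returns 1 when there is no complete BEGIN/END block or the base64 is invalid.
pem_fingerprint() {
    body=$(tr -d '\r' < "$1" | awk '
        /^[ \t]*-----BEGIN CERTIFICATE-----[ \t]*$/ { inside = 1; next }
        /^[ \t]*-----END CERTIFICATE-----[ \t]*$/ { if (inside) { ok = 1; exit } }
        inside { gsub(/[ \t]/, ""); printf "%s", $0 }
        END { if (!ok) exit 1 }') || return 1
    [ -n "$body" ] || return 1
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# same_ca A B: 0 = same certificate, 1 = different, 2 = a file is not valid PEM.
same_ca() {
    fp_a=$(pem_fingerprint "$1") || { echo "not a complete PEM: $1" >&2; return 2; }
    fp_b=$(pem_fingerprint "$2") || { echo "not a complete PEM: $2" >&2; return 2; }
    [ "$fp_a" = "$fp_b" ]
}

# write_samples DIR: constructed stand-ins (the base64 body is NOT a real
# certificate) for the board copy, a CRLF copy, and a truncated paste.
write_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQgU0FNUExF' \
        'IE5PVCBBIFJFQUwgQ0VSVA==' '-----END CERTIFICATE-----' > "$1/board.pem"
    awk '{ printf "%s\r\n", $0 }' "$1/board.pem" > "$1/pc_crlf.pem"
    head -n 2 "$1/board.pem" > "$1/pc_truncated.pem"
}

demo() {
    dir=$(mktemp -d) && write_samples "$dir"
    same_ca "$dir/board.pem" "$dir/pc_crlf.pem" && echo "crlf copy: same CA"
    same_ca "$dir/board.pem" "$dir/pc_truncated.pem" || echo "truncated copy: rejected ($?)"
    rm -rf "$dir"
}
demo
```

On real files, run `pem_fingerprint` on the board against /opt/greengrass/v2/work/aws.greengrass.clientdevices.Auth/ca.pem and on the PC against the file given to --cafile, then compare the two hashes.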