尝试连接到 AWS IoT 时出现错误,无法获取本地颁发者证书 (_ssl.c:1056)
[英]Getting Error unable to get local issuer certificate (_ssl.c:1056) when trying to connect to AWS IoT
问题描述
I'm getting the following error when trying to connecto t aws IoT
尝试连接 AWS IoT 时出现以下错误
myAWSIoTMQTTShadowClient.connect()
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1271, in connect
return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 513, in connect
return self._mqtt_core.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 196, in connect
self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 223, in connect_async
raise e
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 211, in connect_async
rc = self._internal_async_client.connect(keep_alive_sec, ack_callback)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/internal/clients.py", line 122, in connect
rc = self._paho_client.connect(host, port, keep_alive_sec)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 665, in connect
return self.reconnect()
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 826, in reconnect
ciphers=self._tls_ciphers)
File "/usr/lib/python3.7/ssl.py", line 1222, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs
File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 853, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
I have tried several methods i've found on here, including https://timonweb.com/tutorials/fixing-certificate_verify_failed-error-when-trying-requests_html-out-on-mac/我尝试了在这里找到的几种方法,包括https://timonweb.com/tutorials/fixing-certificate_verify_failed-error-when-trying-requests_html-out-on-mac/
but nothing seems to work.但似乎没有任何效果。 I'm running Raspbian Linux with Python 3我正在运行 Raspbian Linux 和 Python 3
The command being run正在运行的命令
python3 Script.py --endpoint "aws endpoint" --rootCA /etc/ssl/certs/AmazonRootCA1.pem --cert /greengrass/certs/RPI-certificate.pem.crt --key /greengrass/certs/RPI-private.pem.key --thingName RaspberryPi --clientId RaspberryPi
Does anyone have any other recommendations?有人有其他建议吗?
1 个解决方案
解决方案1
0 2020-10-31 17:57:54
I also saw this exact error in my first venture into the Pi IoT SDK today.我今天在第一次尝试 Pi IoT SDK 时也看到了这个确切的错误。
In my case I was using the Amazon root CA (RSA 2048) certificate (as directed by Amazon).就我而言,我使用的是 Amazon 根 CA (RSA 2048) 证书(由 Amazon 指示)。 By switching to the VeriSign Class 3 Public Primary G5 root CA certificate (also advertised on their website) the connection worked.通过切换到VeriSign Class 3 Public Primary G5 根 CA 证书(也在他们的网站上公布),连接工作正常。
So, try using the VeriSign Endpoints (legacy) root certificate linked to from the AWS IoT docs at https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html因此,请尝试使用从https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html的 AWS IoT 文档链接到的VeriSign 端点(旧版)根证书
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.