
AWS IoT restore thing with original certificates not connecting

I use the AWS Node.js CLI to create things on AWS (Thing + certificates created with the API).

I have a test script to connect to the MQTT server and send a heartbeat message, all good.

I remove the device (deactivate cert, detach cert, detach policy, and delete thing) to test an accidental delete.

I try to create the thing with the previous name, but instead of creating a new cert I upload the original certificate.pem (exactly the same certificate.pem), attach the policy and device (same as originally) and finally activate the cert. No error here, all seems good on the IoT console.

But when I run the test script it is not able to connect to the MQTT server (same behavior as when the device has no cert or was deleted):

2021-04-23T15:02:51.204 DEBUG Device:indoor-summer connecting...
{
  privateKey: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 51 49 42 41 41 4b 43 41 51 45 41 71 46 ... 1629 more bytes>,
  clientCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 54 43 43 41 6b 47 67 41 77 49 42 41 67 49 55 65 58 ... 1170 more bytes>,
  caCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 51 54 43 43 41 69 6d 67 41 77 49 42 41 67 49 54 42 6d ... 1138 more bytes>,
  clientId: 'indoor-summer',
  host: 'XXXXXXXXXX.iot.ap-southeast-1.amazonaws.com',
  debug: true,
  keepalive: 300,
  username: '?SDK=JavaScript&Version=2.2.6',
  reconnectPeriod: 1000,
  fastDisconnectDetection: true,
  resubscribe: false,
  protocol: 'mqtts',
  port: 8883,
  ca: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 51 54 43 43 41 69 6d 67 41 77 49 42 41 67 49 54 42 6d ... 1138 more bytes>,
  key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 51 49 42 41 41 4b 43 41 51 45 41 71 46 ... 1629 more bytes>,
  cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 54 43 43 41 6b 47 67 41 77 49 42 41 67 49 55 65 58 ... 1170 more bytes>,
  requestCert: true,
  rejectUnauthorized: true
}
attempting new mqtt connection...
connection lost - will attempt reconnection in 1 seconds...

2021-04-23T15:02:52.456 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 2 seconds...

2021-04-23T15:02:54.617 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 4 seconds...

2021-04-23T15:02:58.778 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 8 seconds...

2021-04-23T15:03:06.945 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 16 seconds...

2021-04-23T15:03:23.145 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 32 seconds...

2021-04-23T15:03:55.309 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 64 seconds...

To restore the certificate I follow: https://docs.aws.amazon.com/iot/latest/developerguide/manual-cert-registration.html (Register a client certificate without a registered CA (CLI))

Edit: Now using the AWS Console:

  • Create Thing
  • Create Certs (one click)
  • Activate
  • Attach policy
  • Test mqtt connection: All good

Now:

  • Delete the cert
  • Upload the SAME 00000000-certificate.pem file
  • Activate
  • Test mqtt connection: Failed (same as original message)

Am I missing a step?

I got an answer from AWS support; it's not an IoT Core issue but the client library:

For the certificates that are registered using CA-less registration (Register a client certificate without a registered CA), when connecting to AWS IoT, it must send SNI (Server Name Identifier). However, for the V1 AWS JS Device SDK [1], the SDK doesn't send SNI. You will need to use the V2 SDK [2].

More info about SNI:

https://www.globalsign.com/en/blog/what-is-server-name-indication

https://www.cloudflare.com/learning/ssl/what-is-sni/
