BrendonShaw

SSL error - certificate verify failed - AWS IOT (basicPubSub.py)

Thu Nov 22, 2018 5:22 pm

I am trying to use the AWS IoT (basicPubSub.py) script to test my AWS connection, but I keep getting this error. I have tried various fixes, but cannot resolve the problem.

I have tried it using my MacBook and RPi and still have the same issue.

I have been trying to get the basicPubSub.py script to work using Python 2.7 and Python 3.6 but keep getting the following error condition:
2018-11-22 14:00:58,477 - AWSIoTPythonSDK.core.protocol.internal.clients - DEBUG - Initializing MQTT layer...
2018-11-22 14:00:58,484 - AWSIoTPythonSDK.core.protocol.internal.clients - DEBUG - Registering internal event callbacks to MQTT layer...
2018-11-22 14:00:58,487 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - MqttCore initialized
2018-11-22 14:00:58,489 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Client id: basicPubSub
2018-11-22 14:00:58,491 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Protocol version: MQTTv3.1.1
2018-11-22 14:00:58,493 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Authentication type: SigV4 WebSocket
2018-11-22 14:00:58,496 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring endpoint...
2018-11-22 14:00:58,498 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring certificates...
2018-11-22 14:00:58,500 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring reconnect back off timing...
2018-11-22 14:00:58,502 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Base quiet time: 1.000000 sec
2018-11-22 14:00:58,505 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Max quiet time: 32.000000 sec
2018-11-22 14:00:58,507 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Stable connection time: 20.000000 sec
2018-11-22 14:00:58,509 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring offline requests queueing: max queue size: -1
2018-11-22 14:00:58,512 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring offline requests queue draining interval: 0.500000 sec
2018-11-22 14:00:58,515 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring connect/disconnect time out: 10.000000 sec
2018-11-22 14:00:58,517 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Configuring MQTT operation time out: 5.000000 sec
2018-11-22 14:00:58,520 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Performing sync connect...
2018-11-22 14:00:58,522 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Performing async connect...
2018-11-22 14:00:58,524 - AWSIoTPythonSDK.core.protocol.mqtt_core - INFO - Keep-alive: 600.000000 sec
2018-11-22 14:00:58,529 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Event consuming thread started
2018-11-22 14:00:58,531 - AWSIoTPythonSDK.core.protocol.mqtt_core - DEBUG - Passing in general notification callbacks to internal client...
2018-11-22 14:00:58,533 - AWSIoTPythonSDK.core.protocol.internal.clients - DEBUG - Filling in fixed event callbacks: CONNACK, DISCONNECT, MESSAGE
2018-11-22 14:00:58,845 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Cleaning up before stopping event consuming
2018-11-22 14:00:58,848 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Event queue cleared
2018-11-22 14:00:58,851 - AWSIoTPythonSDK.core.protocol.internal.clients - DEBUG - Stopping network I/O thread...
2018-11-22 14:00:58,854 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Exiting dispatching loop...
2018-11-22 14:00:58,854 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Network thread stopped
2018-11-22 14:00:58,859 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Event callbacks cleared
2018-11-22 14:00:58,861 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Event consuming thread stopped
2018-11-22 14:00:58,863 - AWSIoTPythonSDK.core.protocol.internal.workers - DEBUG - Waiting for event consumer to completely stop
2018-11-22 14:00:58,865 - AWSIoTPythonSDK.core.protocol.mqtt_core - DEBUG - Event consumer stopped
Traceback (most recent call last):
  File "basicPubSub.py", line 113, in <module>
    myAWSIoTMQTTClient.connect()
  File "/home/pi/Documents/brendon/awsiot/aws-iot-device-sdk-python/AWSIoTPythonSDK/MQTTLib.py", line 485, in connect
    return self._mqtt_core.connect(keepAliveIntervalSecond)
  File "/home/pi/Documents/brendon/awsiot/aws-iot-device-sdk-python/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 192, in connect
    self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
  File "/home/pi/Documents/brendon/awsiot/aws-iot-device-sdk-python/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 219, in connect_async
    raise e
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

I am using the Amazon Root CA 1 for the CA certificate and generated the device and private certification.

When I save the certificates, does the file need to be saved in a certain format? I have repeated this several times and cannot fix the issue. I tried this OpenSSL check, but it returned the following error:
openssl s_client -connect custom_endpoint.iot.us-east-1.amazonaws.com:8443 -CAfile ca.pem -cert cert.pem -key perm.pem
3070070784:error:20087002:BIO routines:BIO_lookup:system lib:../crypto/bio/b_addr.c:693:Name or service not known
connect:errno=2
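
Added example (not part of the original post): Python's ssl module loads a CA file and a certificate chain in PEM form, so a structural check of the saved files answers the format question before any trust problem is investigated. The function name `diagnose_pem`, the helper `make_pem` and the sample bytes are assumptions constructed for illustration; the check covers the PEM wrapping only, not the certificate chain.

```python
import base64
import re

# One PEM block: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def diagnose_pem(data, expect):
    """Return 'ok' or the reason `data` (bytes) is not a usable PEM file.
    `expect` is the label suffix wanted: 'CERTIFICATE' or 'PRIVATE KEY'."""
    if data[:1] == b"\x30":
        return "DER (binary) encoding, not PEM"
    if data.startswith(b"\xef\xbb\xbf"):
        return "UTF-8 byte-order mark before the BEGIN line"
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII bytes in file"
    if "<html" in text.lower() or "<!doctype" in text.lower():
        return "HTML page saved instead of the PEM text"
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return "no complete BEGIN/END block"
    label, body = blocks[0]
    if not label.endswith(expect):
        return "contains %s, expected %s" % (label, expect)
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return "base64 body is corrupted"
    if der[:1] != b"\x30":
        return "decoded body is not an ASN.1 SEQUENCE"
    return "ok"

def make_pem(der, label="CERTIFICATE"):
    """Wrap bytes in PEM armour (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode("ascii")
    return ("-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)).encode()

# Constructed samples: a minimal ASN.1 SEQUENCE stands in for real key material.
FAKE_DER = b"\x30\x03\x02\x01\x01"
SAMPLES = {
    "ca.pem (good)": (make_pem(FAKE_DER), "CERTIFICATE"),
    "cert saved as DER": (FAKE_DER, "CERTIFICATE"),
    "key passed as cert": (make_pem(FAKE_DER, "RSA PRIVATE KEY"), "CERTIFICATE"),
    "web page saved": (b"<!DOCTYPE html><html>...</html>", "CERTIFICATE"),
    "truncated copy": (make_pem(FAKE_DER)[:-12], "CERTIFICATE"),
}

if __name__ == "__main__":
    for name, (data, expect) in SAMPLES.items():
        print("%-20s %s" % (name, diagnose_pem(data, expect)))
```

To check real files, pass `open(path, "rb").read()` for each of the CA, certificate and key files with the matching `expect` label.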
