Omega2 aws connect error, SSL certificate verify failed



  • Hi everyone,
    I am working on a project where I need to connect an Omega2 to AWS IoT Core. I followed the AWS Omega2 tutorial and successfully connected to AWS. I also published a message to the AWS shadow. I saw it uses the mosquitto client.

    But my interest is to do this with Python. I installed all the required Python packages and ran the sample code for AWS publish shown below

    from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient
    import sys
    import logging
    import time
    import getopt
    import json
    import datetime
    
    # Connection parameters (hard-coded)
    host = "xxxxxxxxxxxx-ats.iot.ap-south-1.amazonaws.com"
    rootCAPath = "/root/root-CA.crt"
    certificatePath = "/root/xxxxxxxxxxxxxxx-certificate.pem.crt"
    privateKeyPath = "/root/xxxxxxxxxxxxxx-private.pem.key"
    
    myAWSIoTMQTTClient = AWSIoTMQTTClient("myOmega")
    myAWSIoTMQTTClient.configureEndpoint(host, 8883)
    myAWSIoTMQTTClient.configureCredentials(rootCAPath, privateKeyPath, certificatePath)
    
    # AWSIoTMQTTClient connection configuration
    myAWSIoTMQTTClient.configureAutoReconnectBackoffTime(1, 32, 20)
    myAWSIoTMQTTClient.configureOfflinePublishQueueing(-1)  # Infinite offline Publish queueing
    myAWSIoTMQTTClient.configureDrainingFrequency(2)  # Draining: 2 Hz
    myAWSIoTMQTTClient.configureConnectDisconnectTimeout(10)  # 10 sec
    myAWSIoTMQTTClient.configureMQTTOperationTimeout(5)  # 5 sec
    
    # Connect to AWS IoT
    myAWSIoTMQTTClient.connect()
    
    sys.path.insert(0, '/usr/lib/python2.7/bridge/') 
    from bridgeclient import BridgeClient as bridgeclient
    value = bridgeclient()
    
    # Publish to the same topic in a loop forever
    while True:
        # Sensor values come from the bridge as strings
        humidity = value.get("h")
        temperature = value.get("t")
        print("Humi: " + humidity)
        print("Temp: " + temperature)
        t = time.time()
        date = datetime.datetime.fromtimestamp(t).strftime('%Y%m%d%H%M%S')
        print("humidity: %d, temperature: %d" % (float(humidity), float(temperature)))
        myAWSIoTMQTTClient.publish("sensingData/TemperatureHumidity/Room2", json.dumps({"time": date, "temperature": temperature, "humidity": humidity}), 1)
        time.sleep(1)
    

    When I ran the above Python program, I got the following error

    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] unknown error (_ssl.c:727)

    Kindly help me to fix the above error

    Thanks
    Suman



  • @Suman-kumar-Jha
    Please check if you have both of the ca-certificates and ca-bundle packages installed as explained here: FAQ: I get Error 48 or Error 77 when using curl

    [edit]
    Or perhaps review if the solution documented in this thread is helpful: Connected and immediately disconnected from AWS IoT ?



  • Thanks, after doing the described process I think the certification issue got solved. But I can see a new problem. Please can you help to fix this.

    0_1565881030002_AWS_PythonTest.PNG



  • @Suman-kumar-Jha
    This is a bit beyond my skills as I don't python much and don't AWS or MQTT at all, so perhaps someone else can get you to the answer much quicker than I can.

    However, looking at the error you posted, it looks like you are getting a timeout while trying to publish.

    Perhaps you need to increase the timeout duration?
    A bit of google searching reveals that there are a couple of timeout settings that can be tweaked (.configureConnectDisconnectTimeout() and .configureMQTTOperationTimeout()), perhaps you need to look into those?

    There's also this open issue on the aws iot python sdk (which I assume you are using): Recommendation on handling publishTimeoutException #211



  • Thank you cas for your kind support.
    I have Omega2
    Firmware : omega2-v0.3.2-b230

    I had installed python 2.7.9
    Checked SSL Version: 1.0.2
    Then downloaded AWS SDK package for python
    Followed this link https://onion.io/2bt-aws-iot-setup-single-command/ for setting up AWS for Omega2

    Tested manual publish using the link
    mosquitto_pub -t '$aws/things/Omega-CF2D/shadow/update' -m '{"state": {"desired": {"Hi": "Suman"}}}' -q 1
    It worked.

    Then I looked for a Python program that can take sensor data from the Omega Arduino Dock 2 and publish to an AWS topic.

    I got the Python code from the LinkIt 7688 Duo AWS example. I modified it. I have already attached the modified program above.

    After running it I got the error which I posted here

    Please help, anyone



  • Hi cas,
    I made a simple Python program to upload static test data to AWS; everything went correctly with no error. On AWS IoT Core, under my thing test, I subscribed to the published topic.
    But even then I am not able to see any update. Kindly help.

    Here is the code

    print("Importing Library")
    import time
    import sys
    import datetime
    import paho.mqtt.client as paho
    import ssl
    import os
    import json
    print("Importing Done")

    # Set by on_connect once the broker has answered the CONNECT packet
    connflag = False

    def on_connect(client, userdata, flags, rc):
        global connflag
        connflag = True
        if rc == 0:
            print("Connected")
        else:
            print("Connection returned result: " + str(rc))

    def on_message(client, userdata, msg):
        print(msg.topic + " " + str(msg.payload))

    mqttc = paho.Client("myOmega")
    mqttc.on_connect = on_connect
    mqttc.on_message = on_message
    print("Paho Client Setup Done")

    awshost = "a3rzs5flqm8tjk-ats.iot.ap-south-1.amazonaws.com"
    awsport = 8883
    clientId = "myOmega"
    thingName = "Omega-CF2D"
    caPath = "/root/root-CA.crt"
    certPath = "/root/496d95a10e-certificate.pem.crt"
    keyPath = "/root/496d95a10e-private.pem.key"

    # tls_set only stores the TLS settings; the handshake happens on connect
    mqttc.tls_set(caPath, certfile=certPath, keyfile=keyPath, cert_reqs=ssl.CERT_REQUIRED,
                  tls_version=ssl.PROTOCOL_TLSv1_2, ciphers=None)
    print("TLS Established")
    mqttc.connect(awshost, awsport, keepalive=60)
    print("Server Connected")
    mqttc.loop_start()

    while True:
        humidity = 60
        temperature = 30
        print("humidity: %d, temperature: %d" % (float(humidity), float(temperature)))
        t = time.time()
        date = datetime.datetime.fromtimestamp(t).strftime('%Y%m%d%H%M%S')
        mqttc.publish("$aws/things/Omega-CF2D/shadow/update/", json.dumps({"time": date,
            "temperature": temperature, "humidity": humidity}), qos=1)
        time.sleep(10)
    

    Code Output

    0_1566412675964_42cd6b3f-49d4-4e22-a90e-84c07a4a21cc-image.png



  • Hey,
    Will anyone help?



  • @Suman-kumar-Jha have you implemented the on_log callback? I would also implement the on_publish callback. I have not used paho for a few years and I used the C based client but these callbacks are your friend. I'm not entirely convinced that your print statements accurately represent the state of the process.
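Added example, not code from the thread or from the paho project: one way to wire up the on_log and on_publish callbacks mentioned above so the script reports what the broker acknowledged rather than what it attempted. It assumes the paho-mqtt 1.x callback signatures used in the post; `LinkState`, the endpoint and the file paths are hypothetical placeholders.

```python
import json
import time
class LinkState(object):
    """Records what the broker acknowledged, not what the script attempted."""
    def __init__(self):
        self.connected, self.last_rc = False, None
        self.sent, self.acked, self.log = set(), set(), []

    def on_connect(self, client, userdata, flags, rc):
        self.last_rc = rc
        self.connected = (rc == 0)   # CONNACK return code 0 = accepted

    def on_disconnect(self, client, userdata, rc):
        self.connected = False

    def on_publish(self, client, userdata, mid):
        self.acked.add(mid)          # for QoS 1 this fires once PUBACK arrives

    def on_log(self, client, userdata, level, buf):
        self.log.append(buf)         # paho's own trace of packets and errors

    def attach(self, client):
        for name in ("on_connect", "on_disconnect", "on_publish", "on_log"):
            setattr(client, name, getattr(self, name))
        return client

    def publish(self, client, topic, payload):
        """Publish at QoS 1 only while connected; return the mid, else None."""
        if not self.connected:
            return None
        info = client.publish(topic, json.dumps(payload), qos=1)
        if info[0] != 0:             # (rc, mid); rc 0 is MQTT_ERR_SUCCESS
            return None
        self.sent.add(info[1])
        return info[1]

    def pending(self):
        return self.sent - self.acked    # published but not yet acknowledged

if __name__ == "__main__":
    import paho.mqtt.client as paho      # paho-mqtt 1.x API, as in the post
    state = LinkState()
    mqttc = state.attach(paho.Client("myOmega"))
    # Placeholder paths and endpoint: substitute your own
    mqttc.tls_set("/root/root-CA.crt", certfile="/root/device.crt", keyfile="/root/device.key")
    mqttc.connect("ENDPOINT-ats.iot.ap-south-1.amazonaws.com", 8883, keepalive=60)
    mqttc.loop_start()
    time.sleep(5)                        # give CONNACK time to arrive
    mid = state.publish(mqttc, "sensingData/TemperatureHumidity/Room2", {"t": 30})
    time.sleep(2)
    print(state.connected, state.last_rc, mid, sorted(state.pending()), state.log)
```

A `None` from `publish()` or a non-empty `pending()` set means the message never reached the broker, whatever the surrounding print statements say.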



  • Thanks crispyoz, I put in on_log, then found MQTT itself is not connecting, because of the AWS certificate. Then I followed Mr. Steve's tutorial and got SSL MQTT working with CloudMQTT
    http://www.steves-internet-guide.com/create-mqtt-broker-cloudmqtt/

    Thanks for the support



  • @Suman-kumar-Jha Hi, sorry, I'm having some problems like you. I was wondering what the file named caPath = "/root/root-CA.crt" is, or where it is on the AWS page. I would really appreciate it if you can help me with this doubt.



  • @Lazar-Demin Hi, thanks for responding. I tried 2 days ago to send the data following the steps in the link, but he doesn't use the CA certificate. At the moment that I click on the option "download" the CA certificate in this link https://docs.aws.amazon.com/iot/latest/developerguide/create-device-certificate.html, it sends me to this page: https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html#server-authentication-certs

    On this page, I use the Amazon Root A1, but I don't know if it's correct to use.

    b67532ec-f58c-48de-8236-0152f573d9be-image.png
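Added example, not part of the thread: a standard-library check that reports which step of the TLS setup fails for a given root CA file, which separates a bad or wrong CA file from a genuine CERTIFICATE_VERIFY_FAILED during the handshake. `diagnose_tls` and the script name are hypothetical; port 8883 and the file roles follow the code posted earlier in the thread.

```python
import socket
import ssl
import sys

def diagnose_tls(host, port, cafile, certfile=None, keyfile=None, timeout=10):
    """Return (stage, detail) naming the first TLS setup step that fails."""
    try:
        # Trust only this file; the system store is not loaded when cafile is set.
        ctx = ssl.create_default_context(cafile=cafile)
    except ssl.SSLError as e:            # must precede OSError, its base class
        return ("ca-file", "no PEM certificate could be parsed: %s" % e)
    except (IOError, OSError) as e:
        return ("ca-file", "cannot read file: %s" % e)
    if not ctx.get_ca_certs():
        # e.g. a device certificate was passed where the root CA belongs
        return ("ca-file", "file parsed but holds no CA certificate")
    if certfile:
        try:
            ctx.load_cert_chain(certfile, keyfile)
        except (ssl.SSLError, IOError, OSError) as e:
            return ("client-cert", str(e))
    try:
        raw = socket.create_connection((host, port), timeout)
    except (socket.error, socket.timeout) as e:
        return ("tcp", str(e))
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except (ssl.SSLError, ssl.CertificateError, socket.error) as e:
        raw.close()
        # CERTIFICATE_VERIFY_FAILED here: the server chain does not validate
        # against cafile (wrong CA file, or a wrong system clock on the device)
        return ("handshake", str(e))
    issuer = dict(x[0] for x in tls.getpeercert()["issuer"])
    tls.close()
    return ("ok", "server certificate issued by %s" % issuer.get("commonName"))

if __name__ == "__main__":
    # usage: python tlscheck.py <endpoint> <root-ca> <device-cert> <device-key>
    print(diagnose_tls(sys.argv[1], 8883, *sys.argv[2:5]))
```

A `ca-file` result means the problem is the file on disk (for instance a saved web page instead of the PEM), before any connection to the endpoint is attempted.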


