
I'm trying to connect to AWS IoT from a Node.js application using the aws-iot-device-sdk. I want to publish messages to the AWS MQTT Broker. However, I keep getting an error message saying "unable to get local issuer certificate".

```
events.js:174
      throw er; // Unhandled 'error' event
      ^

Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1051:34)
    at TLSSocket.emit (events.js:189:13)
    at TLSSocket.EventEmitter.emit (domain.js:441:20)
    at TLSSocket._finishInit (_tls_wrap.js:633:8)
Emitted 'error' event at:
    at MqttClient.<anonymous> (/Users/****/node_modules/aws-iot-device-sdk/device/index.js:808:12)
    at MqttClient.emit (events.js:189:13)
    at MqttClient.EventEmitter.emit (domain.js:441:20)
    at TLSSocket.handleTLSerrors (****/node_modules/aws-iot-device-sdk/device/lib/tls.js:29:18)
    at TLSSocket.emit (events.js:194:15)
    at TLSSocket.EventEmitter.emit (domain.js:441:20)
    at emitErrorNT (internal/streams/destroy.js:82:8)
    at emitErrorAndCloseNT (internal/streams/destroy.js:50:3)
    at process._tickCallback (internal/process/next_tick.js:63:19)
```

I have created my device (there is no real one, just mimicking), registered it in AWS IoT, created the certificate, private and public key, added a policy to the certificate.

I also downloaded the Amazon Root CA 1 from https://www.amazontrust.com/repository/AmazonRootCA1.pem.

Now here comes my question (sorry if it's a silly one): How, in what format do I save the certificate? I just copied the text to a file and called the file root_ca.pem.

I have also tried different formats of the keys and certificates (xxx.key.pem or root_ca.crt).

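```javascript
// Assumption: `AWS` is the aws-sdk (v2) module; the post does not show its imports.
const AWS = require('aws-sdk');
const awsIot = require('aws-iot-device-sdk');

// Placeholder: the post does not show where this value comes from.
const anotherUniqueId = 'anotherUniqueId';

const topic = 'uniqueClientId/#/1/' + anotherUniqueId + '/myTopicName';
AWS.config.region = 'us-east-1';

// Mutual-TLS MQTT client: device key and certificate, plus the root CA used to verify the broker.
let device = awsIot.device({
    keyPath: './Certs/****-private.key',
    certPath: './Certs/****-certificate.pem',
    caPath: './Certs/root_ca.pem',
    clientId: 'myUniqueClientId',
    host: 'myhost.iot.us-east-1.amazonaws.com' // NOTE: got this value with `aws iot describe-endpoint`
});

// Publish one test message once the connection is established.
device
    .on('connect', function() {
        console.log('connect');
        device.publish(topic, JSON.stringify({ test_data: 1}));
    });
```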

What I would like to see is the test message in the MQTT Broker in the Amazon console.

But I can't seem to succeed with connecting to AWS IoT.

Please bear with me if something is missing. I'm quite a beginner and this here is my first post on StackOverflow. So, grateful if any of you could help me out here or point me in a direction.

juulia
  • https://github.com/aws/aws-iot-device-sdk-js/issues/240 – user269867 Jun 12 '19 at 17:28
  • If you haven't already done so then I find it easier to get something going with a ready made MQTT client before trying it in code. This will help you sort out certificates, endpoints and policies. I haven't had to convert or modify certificates from the plain download and you usually do need to include the header in the certificate. – Ben T Jun 13 '19 at 01:26
  • @user269867 Thank you. I saw this issue, too, but obviously didn't look close enough. In the end, combining the -ats endpoint with the CA 1 Root Certificate solved the error. – juulia Jun 14 '19 at 14:25
  • For my purposes, the AWS IoT SDK didn't seem suitable. I found the information it was for embedded devices so I tried a different API `aws-mqtt` and that just worked fine. Thanks anyway! – juulia Jun 14 '19 at 14:29
  • @juulia were you able to resolve it? I'm facing exactly the same issue and I don't get much help anywhere. – Harisha K P Feb 20 '20 at 15:48
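
The two points this thread turns on, the PEM file saved for `caPath` (header lines included) and the `-ats` endpoint that resolved the error, can be checked before connecting. This is an added example, not code from the original post or from the SDK; the function names and the sample certificate are constructed for illustration.

```javascript
// Preflight checks for the caPath file contents and the host value.

// Returns a list of problems with the text of a PEM certificate file.
function checkPemCertificate(text) {
  const m = /-----BEGIN CERTIFICATE-----([\s\S]*?)-----END CERTIFICATE-----/.exec(text);
  if (!m) return ['missing BEGIN CERTIFICATE / END CERTIFICATE lines'];
  const body = m[1].replace(/\s+/g, '');
  if (body.length === 0 || body.length % 4 !== 0 || !/^[A-Za-z0-9+\/]+={0,2}$/.test(body)) {
    return ['certificate body is not valid base64'];
  }
  // An X.509 certificate is a DER SEQUENCE, so the decoded body starts with 0x30.
  if (Buffer.from(body, 'base64')[0] !== 0x30) {
    return ['decoded body is not DER (first byte is not 0x30)'];
  }
  return [];
}

// Classifies an AWS IoT data endpoint host name as 'ats', 'legacy' or 'unknown'.
function endpointKind(host) {
  const m = /^[a-z0-9]+(-ats)?\.iot\.[a-z0-9-]+\.amazonaws\.com$/i.exec(host);
  if (!m) return 'unknown';
  return m[1] ? 'ats' : 'legacy';
}

// Combines both checks for a device configuration that trusts Amazon Root CA 1.
function preflight(caPemText, host) {
  const problems = checkPemCertificate(caPemText);
  if (endpointKind(host) !== 'ats') {
    problems.push('host is not an -ats endpoint: ' + host);
  }
  return problems;
}

// Constructed sample (not a real certificate): 48 bytes that begin like DER.
const SAMPLE_DER = Buffer.concat([Buffer.from([0x30, 0x2e]), Buffer.alloc(46, 0x41)]);
const SAMPLE_PEM = '-----BEGIN CERTIFICATE-----\n' +
  SAMPLE_DER.toString('base64') + '\n-----END CERTIFICATE-----\n';

// Host from the question, then the same host in its -ats form.
console.log(preflight(SAMPLE_PEM, 'myhost.iot.us-east-1.amazonaws.com'));
console.log(preflight(SAMPLE_PEM, 'myhost-ats.iot.us-east-1.amazonaws.com'));
```

In a real script, pass `fs.readFileSync('./Certs/root_ca.pem', 'utf8')` as the first argument and the configured `host` as the second.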

0 Answers