0

A few days ago I bought a Raspberry Pi Pico W and I am trying to connect it to AWS IoT Core. However, I get stuck when connecting to AWS.

I have gone through the following steps:

  • installed Micropython on the Raspberry Pi Pico W, this works!

  • Created an AWS account.

  • registered a "Thing" at IoT Core

  • Downloaded the corresponding certificates & keys: (Certificates: AmazonRootCA1.pem, certificate.pem.crt, Keys: public.pem.key & private.pem.key)

  • created a policy, which allows the policy all actions. At AWS this policy is activated and has the form:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
```

  • Attached the certificate to the policy.
  • Attached the registered Thing to the policy.
  • transferred the keys and the certificates to the Raspberry Pi Pico W.

Hereafter, I use Thonny to write the following code trying to connect the raspberry pi with AWS.

```python
import time
import network
import urequests
SSID = "XXXX"
PASSWORD = "XXXX"

print("start connecting")
wlan = network.WLAN(network.STA_IF)
wlan.active(True)
wlan.connect(SSID, PASSWORD)
print("Connected:", wlan.isconnected())

import sys
import machine
import argparse
from umqtt.simple import MQTTClient

clientId = 'client1'
AWS_ENDPOINT = 'XXXXX.amazonaws.com'
PORT = 8883

certfile = '/certificate.pem.crt'
with open(certfile, 'r') as f:
    cert = f.read()
    
keyfile = '/private.pem.key'
with open(keyfile, 'r') as f:
    key = f.read()

print("Key and Certificate files Loaded")

SSL_PARAMS = {'key': key, 'cert': cert, 'server_side': False}

client = MQTTClient(clientId, AWS_ENDPOINT, port=PORT, keepalive=10000, ssl=True, ssl_params=SSL_PARAMS)

print("Client created")

client.connect()
```

The program runs until:

```python
client.connect()
```

And gives me the following error:

```
Traceback (most recent call last):
  File "<stdin>", line 38, in <module>
  File "/lib/umqtt/simple.py", line 61, in connect
ValueError: invalid key
```

(line 38 being the client.connect() statement)

The format of the private.pem.key is:

```
-----BEGIN RSA PRIVATE KEY-----
[block of characters]
-----END RSA PRIVATE KEY-----
```

Is there anyone who knows what I am doing wrong? Thank you in advance for the help!! :)

Kind regards, Benjamin

  • It looks like umqtt.simple [uses](https://github.com/micropython/micropython-lib/blob/v1.9.3/umqtt.simple/umqtt/simple.py#L61) [ussl.wrap_socket](https://github.com/micropython/micropython-lib/blob/v1.9.3/umqtt.simple/umqtt/simple.py#L61) which I don't think supports key/cert - pass `keyfile`/`certfile` instead - see [the docs](http://docs.micropython.org/en/v1.15/library/ussl.html). – Brits Sep 10 '22 at 02:17

1 Answer

2

Sorry - late to the party.

If you haven't got this working you should try to convert the key & cert files to .DER format with OpenSSL

```shell
openssl x509 -in certificate.pem.crt -out certificate.der -outform DER

openssl rsa -in private.pem.key -out private.key.der -outform DER
```

```python
certfile = '/certificate.der'
with open(certfile, 'rb') as f:  # DER is binary, so read in 'rb' mode
    cert = f.read()

keyfile = '/private.key.der'  # file name produced by the openssl rsa command above
with open(keyfile, 'rb') as f:
    key = f.read()
```
buytore
  • 21
  • 4
  • This fixed it for me (same issue). I did have to change the read to do `open(keyfile, 'rb')` as the commands sent out binary files for me. Had a brief go using the `-text` option but didn't get anywhere with that so continued with 'rb'. Thanks though, this was exactly my problem. – dougmet Dec 07 '22 at 19:05
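
A PEM file is base64-encoded DER between BEGIN/END lines. The following added example (not code from the question or the answer) decodes that body in Python and checks that the result is a single well-formed ASN.1 SEQUENCE, which is a quick way to verify a converted file before copying it to the board. The names `pem_to_der`, `check_der_sequence` and `convert_file` are hypothetical, and `SAMPLE_PEM` is a constructed placeholder, not a real key.

```python
import binascii

# Constructed sample: PEM armor around a 5-byte DER SEQUENCE, not a real key.
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
MAMCAQA=
-----END RSA PRIVATE KEY-----
"""


def check_der_sequence(der):
    """Raise ValueError unless der is exactly one ASN.1 SEQUENCE (tag 0x30).

    Returns the content length taken from the DER header.
    """
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (PEM text or wrong file?)")
    first = der[1]
    if first < 0x80:  # short form: the byte is the length
        header, length = 2, first
    else:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER is truncated or has trailing bytes")
    return length


def pem_to_der(pem_text, label):
    """Decode the first PEM block with the given label into DER bytes."""
    begin = "-----BEGIN %s-----" % label
    end = "-----END %s-----" % label
    start = pem_text.find(begin)
    stop = pem_text.find(end)
    if start < 0 or stop < start:
        raise ValueError("no %s block found" % label)
    body = "".join(pem_text[start + len(begin):stop].split())
    der = binascii.a2b_base64(body.encode())
    check_der_sequence(der)
    return der


def convert_file(pem_path, der_path, label):
    """Read a PEM file as text and write its DER form as binary ('wb')."""
    with open(pem_path, "r") as f:
        der = pem_to_der(f.read(), label)
    with open(der_path, "wb") as f:
        f.write(der)
    return len(der)
```

Running `check_der_sequence` on the bytes read from a `.der` file also catches the case from the comment above: a file opened with `'r'` instead of `'rb'` does not pass the check.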