0
votes

I am getting the following error while connecting ESP32 with AWS IoT (error attached below). I went through many links but was not able to solve the issue. I have generated valid certificates, which are:

aws-root-ca.pem

certificate.pem.crt

private.pem.key

E (5446) aws_iot: failed! mbedtls_ssl_handshake returned -0x2700
E (5446) aws_iot:     Unable to verify the server's certificate. 
E (5456) subpub: Error(-4) connecting to a39wjx7wm5wvia-ats.iot.us-east-2.amazonaws.com:8883
1
Hi, did you find any solution for this problem? I'm facing the same error. I'm using the AWS IoT MQTT only as a library; I'm not trying to connect to the Amazon server. The thing is, I can use mosquitto_pub and mosquitto_sub to connect to the mosquitto broker, even from another laptop (mosquitto broker on RPi), but when it comes to the ESP32, I get bad certificate (in the mosquitto broker) and the same message you have posted. The only thing left to do is to check the --unsecure option that I use when I connect via the mosquitto_pub/sub cmd and apply it in the ESP32.
shadow
I just came here to say I have found the solution, so this would be helpful for anyone who may face this problem. My mistake was in the common name: it should be the same for all certifications (CA, broker, client) and should be your broker IP (I used the mDNS (www.raspberrypi.local in my case) and it still didn't work; use the 192.168.x.x format), and if you want to skip this verification just disable isSSLHostnameVerify ( = false) so you don't need it. The problem is called handshake failure (that's why it's a connection failure message (-4)), and mosquitto will display bad certificate. Thx
shadow

1 Answer

0
votes

I'm a bit confused by your phrase "I have generated valid certificates that are", because the Amazon Root certificate should simply be downloaded from here; it isn't generated. Looking at your error message, I would assume that you did something else and are using an incorrect root certificate for Amazon.
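
The two causes raised on this page (a root CA that did not sign the server certificate, and a certificate name that does not match the address the client connects to) can be reproduced offline with the openssl CLI. This is an added example, not code from any of the posts; the CA names, the address 192.168.1.10 and the helper functions are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed lab: throwaway CAs and a broker certificate, nothing taken from the posts.
set -u
WORK=$(mktemp -d)
BROKER_IP=192.168.1.10   # assumed broker address (constructed)

# make_ca NAME: create a self-signed test root CA as NAME.key / NAME.pem
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_broker_cert: broker certificate signed by lab-ca, with the IP in subjectAltName
make_broker_cert() {
  printf 'subjectAltName=IP:%s\n' "$BROKER_IP" > "$WORK/san.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$BROKER_IP" \
    -keyout "$WORK/broker.key" -out "$WORK/broker.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/broker.csr" -CA "$WORK/lab-ca.pem" \
    -CAkey "$WORK/lab-ca.key" -CAcreateserial -days 1 \
    -extfile "$WORK/san.ext" -out "$WORK/broker.pem" 2>/dev/null
}

# check_broker CA_NAME NAME_OPTION VALUE: echo "ok" if the chain and the name both verify
check_broker() {
  if openssl verify -CAfile "$WORK/$1.pem" "$2" "$3" "$WORK/broker.pem" >/dev/null 2>&1
  then echo ok; else echo fail; fi
}

make_ca lab-ca      # the CA that really signed the broker certificate
make_ca other-ca    # an unrelated root, standing in for a wrong root CA file
make_broker_cert

echo "signing CA, connect by IP:        $(check_broker lab-ca -verify_ip "$BROKER_IP")"
echo "signing CA, connect by mDNS name: $(check_broker lab-ca -verify_hostname raspberrypi.local)"
echo "unrelated CA, connect by IP:      $(check_broker other-ca -verify_ip "$BROKER_IP")"
```

Only the first check passes. Running the same `openssl verify` against the real root CA file and broker certificate, with the address the ESP32 actually connects to, shows which of the two conditions fails before touching the firmware.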