I am trying the transparent gateway use case with downstream devices. I am following the documentation how-to-create-transparent-gateway provided by Microsoft. I have installed the Azure IoT Edge runtime on an Ubuntu 18.04 virtual machine. The IoT Edge runtime is running perfectly with one custom Java module.
I have created an IoT device on the Azure portal with a symmetric key. I have added my IoT Edge device as the parent of this IoT device. I am using the Java sample send-event to send a message to the IoT Edge device.
I have copied the IoT device connection string from the Azure portal and modified it as per the documentation Retrieve and modify connection string. My connection string for the IoT device looks like
HostName=myGatewayDevice;DeviceId=myDownstreamDevice;SharedAccessKey=xxxyyyzzz
In the above connection string, myGatewayDevice is the hostname of the Ubuntu virtual machine hosting the IoT Edge runtime. When I run this example I get the exception below:
Starting...
Beginning setup.
Successfully read input parameters.
Using communication protocol MQTT.
Exception in thread "main" java.lang.IllegalArgumentException: Provided hostname did not include a valid IoT Hub name as its prefix. An IoT Hub hostname has the following format: [iotHubName].[valid URI chars]
at com.microsoft.azure.sdk.iot.device.IotHubConnectionString.parseHubName(IotHubConnectionString.java:321)
at com.microsoft.azure.sdk.iot.device.IotHubConnectionString.validateTerms(IotHubConnectionString.java:287)
at com.microsoft.azure.sdk.iot.device.IotHubConnectionString.<init>(IotHubConnectionString.java:121)
at com.microsoft.azure.sdk.iot.device.DeviceClient.<init>(DeviceClient.java:176)
at samples.com.microsoft.azure.sdk.iot.SendEvent.main(SendEvent.java:171)
When I modify the IoT device connection string like this
HostName=myiothub.azure-devices.net;DeviceId=myDownstreamDevice;SharedAccessKey=xxxyyyzzz;GatewayHostName=myGatewayDevice
I get the error below:
Exception encountered while sending MQTT CONNECT packet
MqttException (0) - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38)
at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:736)
at java.lang.Thread.run(Thread.java:748)
Kindly help me to fix this. I want to make the communication happen with the IoT Edge device. Any help will be highly appreciated.
Edit 1
Here is the output of sudo openssl s_client -connect RajUbuntuVM:8883 -CAfile Production/EdgeCerts/RootCACertificate/azure-iot-test-only.root.ca.cert.pem -showcerts
Start Time: 1581571257
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
---
Both of my devices, the IoT device and the IoT Edge device, are running on the same Ubuntu virtual machine. I have installed the root CA on the Ubuntu device as below:
sudo cp <path>/azure-iot-test-only.root.ca.cert.pem /usr/local/share/ca-certificates/azure-iot-test-only.root.ca.cert.pem.crt
sudo update-ca-certificates
Resolution:
Thanks Silent for pointing me in the right direction. I need to add the azure-iot-test-only.root.ca.cert.pem.crt path in my Java code. Devices with symmetric key attestation need to present the root CA certificate to validate the gateway device. This certificate is not needed for direct communication with Azure IoT Hub for symmetric devices.