aws-sdkmqttiotaws-iotself-signed-certificate

AWS IoT Connection error : Invalid "caCert" option supplied with aws-iot-device-sdk


I've provisioned a device in AWS with device Certificate which is signed by my CA. Also, I've registered my CA along with verificationCert in AWS previously.

Now when I send the data, In the options,

var awsIot = require('aws-iot-device-sdk');
var device = awsIot.device({
privateKey: '--BEGIN RSA PRIVATE KEY--', //private key of my device
clientCert: '--BEGIN CERTIFICATE --', //cat deviceCertificate and registered CA 
caCert: '--BEGIN CERTIFICATE--', //Amazon root CA
clientId: 'Thing01',
region: 'us-west-2',
host: xxxxxxxx.iot.us-west-2.amazonaws.com,
secretKey: 'dcvevv',
accessKeyId: 'ferferer'
});

device.on('connect',function(err){
device.publish('$aws/things/Thing01/shadow/update',JSON.stringify({
"state" :{
  "desired": {
 "color": "blue"
 }
}
})
);
})

I'm getting below error

throw new Error(exceptions.INVALID_CA_CERT_OPTION); ^ Error: Invalid "caCert" option supplied.

Can anyone let me know where I'm doing wrong in the above code snippet?

Edit1: After making corrections in the options, below is the code:

    var awsIot = require('aws-iot-device-sdk');
    var device = awsIot.device({
    host:'xxxxx.iot.us-west-2.amazonaws.com',
    keyPath : './certs/deviceTest/5e2570c0605418.key',  
    certPath : './certs/deviceTest/5e2570c0605418AndCA.crt',   //cat of device and Registered CA
    caPath : './certs/rootCA.pem', //public cert of AWS root CA1 
    clientId: 'ManualDevice_01', //ThingName
    region : 'us-west-2',
   secretKey: 'xxxxxxxxxxxx',
   accessKeyId: 'xxxxxxxxxxxxxxxx'
  }); 
   console.log("Invoking on connect");
   device.on('connect',function(error ){
    console.log("In on connect !!");
    if(error)
       console.log('could not connect');
  device.publish('$aws/things/ManualDevice_01/shadow/update',JSON.stringify({
  "state" : {
    "desired" : {
        "color" : "pink",
        "power" : "off",
        "val":"1"
     }
    }
   } ), function(err){
   if(err)
      console.log("Could not send : Error : "+err)
   else
   {
      console.log("Sent data")
   } 
   }
  );
 console.log('Message sent........')
 })
 device.on('message',function(topic,payload){
     console.log('message',topic,payload.toString());
  })

The statements inside device.on('connect') are not getting executed. I could see only "Invoking on connect" being printed

Edit 2: Issue is resolved!!!

While creating a device, I have to attach Policy to it. Then I'm able to send the data in above specified way through MQTT with certificates.


Solution

  • The doc implies you should be passing paths to the files for the TLS certificate's and key.

    e.g.

    var device = awsIot.device({
       keyPath: <YourPrivateKeyPath>,
      certPath: <YourCertificatePath>,
        caPath: <YourRootCACertificatePath>,
      clientId: <YourUniqueClientIdentifier>,
          host: <YourCustomEndpoint>
    });
    

    Later on in the same doc it says caCert can be a buffer (not a String)

    • caCert: same as caPath, but can also accept a buffer containing CA certificate data

    This means you will need to decode the string value first.