MQTT cannot connect with AWS IoT Core

I've been doing this tutorial, Securely Connecting an Arduino MKR WiFi 1010 to AWS IoT Core | Arduino Documentation.

However, my Arduino fails to connect to the MQTT broker. I've double checked everything I've done. Could there be any steps I am missing or something I am doing wrong? (Using Windows instead of a MacBook as in Arduino's tutorial.)

I checked that my certificate is active on aws, I can't find anywhere to activate my "thing" though, if possible.

Thank you!

The first thing to add is the reason why the connection fails. Change this

to this (not much point trying more than once)

  if (!mqttClient.connect(broker, 8883)) {
    // Serial.printf() is not available in the Arduino SAMD core used by the
    // MKR WiFi 1010, so print the error code with print()/println() instead.
    Serial.print("failed to connect to MQTT broker: ");
    Serial.println(mqttClient.connectError());
    return;
  }

The return values are at the top of MqttClient.h -- the most likely are

#define MQTT_CONNECTION_REFUSED            -2
#define MQTT_CONNECTION_TIMEOUT            -1

REFUSED is when there is something wrong with the TLS connection, which includes the server-side Amazon Root Certificate, which I see no mention of in the tutorial; or your client certificate and private key. If everything is good on the TLS side, that means AWS can ID the Thing by its certificate.

The connection timeout defaults to 30 seconds. If you get TIMEOUT immediately, that is likely a policy violation. The tutorial creates "a very open policy for testing", which is an understatement: it is maximally open. That may help to get a working demo, but doesn't help if you're trying to debug an issue later.

Your certificate has one or more policies attached. In a real policy, you will have one or more Statements for the iot:Connect Action, with a corresponding Resource that (starts with arn:aws:iot:<region>:<account>: and) ends with, for example,

  • client/ThatName -- exactly that name
  • client/ThatName-* -- that name (and a hyphen) as a prefix
  • client/${iot:Connection.Thing.ThingName} -- the exact name of the Thing

The name must be set via mqttClient.setId. The tutorial does not set it, and the client falls back to the random-ish default name as described in the code comment. It's supposed to work with the "anything goes" policy (but I've never tried it).
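As an added illustration of the scoped policy described above (not taken from the tutorial or from this thread): an AWS IoT Core policy that allows iot:Connect only for the client ID equal to the Thing's name, and only when the connecting certificate is attached to that Thing, in contrast to the tutorial's "anything goes" policy (Action iot:* on Resource *). REGION, ACCOUNT_ID and the two topic names are placeholders; with this policy the sketch must call mqttClient.setId with the Thing name, otherwise the connect fails rather than being silently permitted.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:Connection.Thing.ThingName}",
      "Condition": {
        "Bool": { "iot:Connection.Thing.IsAttached": "true" }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/${iot:Connection.Thing.ThingName}/outgoing"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/${iot:Connection.Thing.ThingName}/incoming"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/${iot:Connection.Thing.ThingName}/incoming"
    }
  ]
}
```

The IsAttached condition is what makes attaching the certificate to the Thing matter: a certificate that is attached to the policy but not to a Thing cannot connect at all under this policy, which is easier to diagnose than a partial success.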

Okay, thank you very much for the input! I am getting a refused connection, and I do believe it has something to do with the authentication not working.

Thanks,

I figured out my issue, it works now.

I put the request into the code and not the actual certificate that came from AWS. I had to open the .pem file in notepad that I downloaded from AWS and copy paste the certificate into the code then it worked.

Alright so to clarify here, he downloaded the certificate file from AWS and then he copied the contents into const char SECRET_CERTIFICATE[] = R"( -----BEGIN CERTIFICATE----- M.....== -----END CERTIFICATE----- )"; And the contents of that file are longer than the one that your board generates so please COPY FROM THE FILE AND NOT THE BOARD OUTPUT.

I've got exactly the same thing, did exactly the same steps. Still getting a -2 error.

I've attached the Cert to the policy and to the Thing in AWS IoT Core.

Anything else I can do? Anything I can try with root cert?
