Error in Open SSL Certificate #198
Comments
In the past I've seen OpenSSL on Yocto builds ignore the root certificate location. Try passing the certificate via the IoTHubClient_LL_SetOption with "TrustedCerts" option value. You can find the certificate in certs.c. You only need to use the first certificate in the array.
If you have the OpenSSL command on your device you can try openssl version -d. This will tell you where it is looking for certificates. The openssl s_client command can also be a useful debugging tool.
Mark Radbourne MSFT
Hi @amiya068,
There may also be another issue. If you are using openssl you most likely require certain "hashed" symlinks in order for openssl to find your certificate. They are normally installed in "post-install" steps for most distributions (i.e. Debian / Fedora) when you install the respective package. I believe most distributions do this by running a Perl script, but I haven't checked in a while.
I assume you have an embedded system. This may require you to calculate the symlinks beforehand. You can find an explanation here in section
Note: Installing the certificate will make it available for every program. If you do not wish to do that, follow @markrad's advice and use the TrustedCerts option. This will make the certificate only available for the IoT application instead of the whole system.
If you wish to see what it should look like, check out
I hope this helps.
Kind Regards,
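The "hashed" symlinks described in the comment above are what OpenSSL's directory lookup depends on: a certificate placed in the certs directory is only found if it is reachable under the name <subject-hash>.<n>. The following is an added example, not code from this thread or from the SDK, and its function names are illustrative; it reports the compiled-in OpenSSL directory, rebuilds the hash links for a directory of PEM files, and checks that a certificate verifies through that directory.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of OpenSSL or the SDK.

# Print the directory compiled into the openssl binary.
# `openssl version -d` prints a line of the form: OPENSSLDIR: "/some/path"
openssl_dir() {
    openssl version -d | sed -n 's/^OPENSSLDIR: "\(.*\)"$/\1/p'
}

# Create <subject-hash>.<n> symlinks for each PEM certificate in directory $1
# (for the system store that is "$(openssl_dir)/certs"). Prints the link count.
rehash_dir() {
    dir=$1
    count=0
    x='[0-9a-f]'
    # Remove old hash links first so a deleted certificate stops being trusted.
    for link in "$dir"/$x$x$x$x$x$x$x$x.[0-9]*; do
        if [ -L "$link" ]; then rm -f "$link"; fi
    done
    for cert in "$dir"/*.pem "$dir"/*.crt; do
        [ -f "$cert" ] || continue
        # Files that do not parse as X.509 (keys, CRLs) are skipped.
        subj=$(openssl x509 -hash -noout -in "$cert" 2>/dev/null) || continue
        n=0
        # Distinct certificates can share a hash, so take the next free suffix.
        while [ -e "$dir/$subj.$n" ] || [ -L "$dir/$subj.$n" ]; do
            n=$((n + 1))
        done
        ln -s "$(basename "$cert")" "$dir/$subj.$n"
        count=$((count + 1))
    done
    echo "$count"
}

# Succeed only if certificate $2 chains to a root found through CApath $1.
trusted_via_capath() {
    openssl verify -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

On a device this would be run as rehash_dir "$(openssl_dir)/certs" after copying the root certificate into that directory. On a target without the openssl binary, the links can be computed the same way on the build host and shipped in the image.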
Hi @markrad,
It is using the "TrustedCerts" option with IoTHubClient_LL_SetOption.
-sh-3.2# openssl version -d
But the actual certificates are located under the /etc/ssl/ folder, so I copied all the certificates under the /usr/lib/ssl folder, but still there was no luck with this.
When I executed the command openssl s_client -connect cbpt01atqav2.azure-devices.net:443 it displayed the following:
-sh-3.2# openssl s_client -connect cbpt01atqav2.azure-devices.net:443
Hi @amiya068,
I've never researched this but I have noticed on some devices OpenSSL will ignore the directory that is apparently compiled in as the root certificate directory. I can only assume this is some other configuration option of which I am not aware.
Since you are using AMQP please try the s_client command against port 5671 rather than 443. This will ensure you don't have a firewall issue.
If you want to try the -CAfile option on s_client you can download the root certificate from https://ssl-tools.net/certificates/d4de20d05e66fc53fe1a50882c78db2852cae474.pem. This certificate is the same as the first certificate found in the array in certs.c at https://github.com/Azure/azure-iot-sdk-c/blob/master/certs/certs.c. Only pass the first certificate to the TrustedCerts option i.e. delete all of the certificates beyond the first.
Mark Radbourne MSFT
Hi @amiya068,
I have closed this issue as stale. If you are still experiencing problems please reopen it or open a new issue. Thank you.
Mark Radbourne MSFT
Hi,
I have written an application for connecting to Azure IoT Hub using the AMQP protocol.
When I run the application it fails because of an SSL issue.
Any help would be appreciated.
Below are the details for the OS:
Yocto linux
Kernel 4.4.19-gdb0b54cdad
Info: IoT Hub SDK for C, version 1.1.19
Info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/c-utility/src/wsio.c Func:internal_close Line:150 wsio_close when not open.
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_common.c Func:on_amqp_connection_state_changed Line:635 amqp_connection was closed unexpectedly; connection retry will be triggered.
Info: Transport state changed from AMQP_TRANSPORT_STATE_CONNECTED to AMQP_TRANSPORT_STATE_RECONNECTION_REQUIRED
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/amqp_management.c Func:amqp_management_close Line:888 AMQP management instance not open
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_connection.c Func:on_cbs_open_complete Line:149 CBS open failed
Info: Preparing transport for re-connection
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_cbs_auth.c Func:on_cbs_put_token_complete_callback Line:188 CBS reported status code 0, error: '(null)' for put-token operation for device '8ccaee1b-d70b-44b4-a5ad-9cc8f93f9993'
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/saslclientio.c Func:saslclientio_send Line:1133 send called while not open
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/connection.c Func:on_bytes_encoded Line:241 Cannot send encoded bytes
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/saslclientio.c Func:saslclientio_close Line:1083 saslclientio_close called while not open
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/connection.c Func:on_bytes_encoded Line:245 xio_close failed
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/saslclientio.c Func:saslclientio_close Line:1083 saslclientio_close called while not open
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/uamqp/src/connection.c Func:connection_close Line:1339 xio_close failed
Info: Transport state changed from AMQP_TRANSPORT_STATE_RECONNECTION_REQUIRED to AMQP_TRANSPORT_STATE_READY_FOR_RECONNECTION
Info: Transport state changed from AMQP_TRANSPORT_STATE_READY_FOR_RECONNECTION to AMQP_TRANSPORT_STATE_RECONNECTING
Info: Transport state changed from AMQP_TRANSPORT_STATE_RECONNECTING to AMQP_TRANSPORT_STATE_CONNECTED
The specified SAS token has an invalid signature. It does not match either the primary or secondary key of the device
Error: Time:Tue Aug 8 13:57:57 2017 File:/home/ifrohner/HVAC/IOT_latest/azure-iot-sdk-c/iothub_client/src/iothubtransport_amqp_common.c Func:IoTHubTransport_AMQP_Common_Device_DoWork Line:996 Failed performing DoWork for device '8ccaee1b-d70b-44b4-a5ad-9cc8f93f9993' (device reported state 4; number of previous failures: 0)
Info: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
I am not sure why this issue is appearing; it looks like an OpenSSL issue. But I do have the OpenSSL certificates in the below location:
"/etc/ssl/certs/ca-certificates.crt"