got NXD_MQTT_CONNECT_FAILURE as status of nxd_mqtt_client_connect

Dear all,

 

I got NXD_MQTT_CONNECT_FAILURE as the return status of the function nxd_mqtt_client_connect.

I am using the code for the MQTT_TLS_AP_PK_S5D9.

  • In reply to Ian:

    Hi Ian,

    I am using my mobile hotspot, which is connected to the laptop, and then I share the network through Ethernet to my board!

    And which CA certificate did you download? There are almost 5 types of CA certificate format, like VeriSign, 2048 byte and 4096. Which one did you download? Can you share a picture of where you downloaded the rootCA certificate from?
  • In reply to Smit Majithia:

    Hi Smit,

    You don't need to download the rootCA certificate as I attached it to a previous post. This one works, so rather than download another that may not, I thought it best to give you the one I tested with.

    If you want to download your own, it was downloaded from the AWS page when I created and added certificates to my Thing, at the same time as I downloaded the private key and Thing certificate files.

    Ian.
  • In reply to Ian:

    Hi,

    I went through the proxy matter with my IT department. They gave me a fresh new laptop to work with, with no proxy at all.

    The result is the same. I went through the code just now and debugged it, and I found one thing regarding TLS in nx_secure_tls_process_record: it goes to the snippet below.

     

     

    The message_length is 5007 decimal and tls_session->nx_secure_tls_packet_buffer_size is 4000 decimal.

     

    Can you explain this !

  • In reply to Smit Majithia:

    I somehow managed to change the buffer from 4000 to 5100 and then I got the certificates, but it gave the error NX_SECURE_TLS_ISSUER_CERTIFICATE_NOT_FOUND as the return status!
    Can you explain this!
  • In reply to Smit Majithia:

    Is this problem seen when using the project you sent or your own code?

    It sounds like the rootCA certificate is not correct.

    Ian.
  • In reply to Ian:

    The code that I sent!!

    I don't know why the rootCA is problematic. How do I solve it?

     

    And in Wireshark it shows "Alert (level: Fatal, Description: Unknown CA)" as the reply from my board!

     

    And it goes in and finds the certificate as NX_SECURE_X509_CERT_LOCATION_REMOTE.

    I think it should go in NX_SECURE_X509_CERT_LOCATION_TRUSTED!

     

  • In reply to Ian:

    OK Ian,

    Can you please try my key and certificates at your end so that I get clarity about the certificate authenticity? I can share them with you here!
  • In reply to Smit Majithia:

    Hi,

    Yes, the rootCA certificate should be added to the trusted certificates by calling nx_secure_tls_trusted_certificate_add() in the TLS setup callback. This will be done by the application project example when the rootCA is downloaded through the terminal console. Is this the project you are working with? I am not able to test your certificates and key as I do not have them. If you are using the application project for AWS as discussed, then so long as you have downloaded the Thing private key, Thing certificate and rootCA and loaded them into the demo via the console along with the Thing endpoint, it should work when connected directly to the internet.

    Ian.
  • In reply to Ian:

    Hi Ian, I can share the rootCA and keys with you. Can you please check at your end?

    PFLink: drive.google.com/.../1KLCixSJgcd8ALA0xvGxYwLIRdV9E-46Y
  • In reply to Smit Majithia:

    Hi Smit,

    Are these to use with the AWS application project that you previously sent me?

    I will try and test the project later today.

    However, I am concerned that you have shared an AWS private key and certificate in a public forum. These could be picked up and used by others, which could incur considerable costs to the AWS account, for example if someone were to spin up a cryptocurrency miner. If you are happy to take this risk I will test the project. However, I would suggest that you revoke these credentials immediately. There are bots on the internet searching for such credentials.

    Ian.
  • In reply to Ian:

    Yes, I will disable the link, but can you please check for me, as the project prototype is running very late.

    Can you please have a look at it? Thanks.
  • In reply to Ian:

    Hi Smit,

    I have not been able to connect with your credentials.

    Perhaps you have revoked them already?

    The endpoint does resolve. The TLS certificates are added to the trusted store and remote certificate store successfully. The failure comes when trying to connect to the MQTT server. This could be caused by many things, such as an incorrect private key and/or certificate for the Thing, or an incorrect endpoint address. The endpoint address is server specific, so a Thing created on one AWS server will not be visible on another.

    Is it possible that the Thing was not set up correctly with regard to the security credentials and permissions?

    Did you follow all the steps in the document for the application project? In particular steps "3.3.1 Creating a Device on AWS IoT Core" through to section 4? Without doing all these steps successfully the client will not be able to connect.

    Ian.
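
The buffer-size failure reported earlier in the thread (message_length 5007 against a 4000-byte nx_secure_tls_packet_buffer_size) can be reproduced with the check below. This is an added example, not code from the thread or from NetX Secure; the names check_record, rec_status and SAMPLE_HDR are hypothetical, and the sample header is constructed to carry the 5007-byte length seen in the debugger.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_HEADER_LEN     5u
#define TLS_MAX_CIPHERTEXT (16384u + 2048u) /* TLS 1.2 record limit, RFC 5246 6.2.3 */

typedef enum {
    REC_OK = 0,
    REC_NEED_MORE_DATA,   /* fewer than 5 header bytes received so far */
    REC_BAD_HEADER,       /* not a TLS record header */
    REC_TOO_LONG,         /* length exceeds what the protocol allows */
    REC_BUFFER_TOO_SMALL  /* legal record, but it does not fit the buffer */
} rec_status;

/* Constructed sample: handshake record, TLS 1.2, length 0x138F = 5007. */
static const uint8_t SAMPLE_HDR[TLS_HEADER_LEN] = { 0x16, 0x03, 0x03, 0x13, 0x8F };

/* Validate a record header before copying any payload into the buffer. */
rec_status check_record(const uint8_t *hdr, size_t avail,
                        size_t buffer_size, size_t *record_len)
{
    *record_len = 0;
    if (avail < TLS_HEADER_LEN)
        return REC_NEED_MORE_DATA;
    /* Content types 20..23: change_cipher_spec, alert, handshake, application_data. */
    if (hdr[0] < 20 || hdr[0] > 23 || hdr[1] != 0x03)
        return REC_BAD_HEADER;
    *record_len = ((size_t)hdr[3] << 8) | hdr[4];
    if (*record_len > TLS_MAX_CIPHERTEXT)
        return REC_TOO_LONG;
    if (*record_len > buffer_size)
        return REC_BUFFER_TOO_SMALL;
    return REC_OK;
}

int main(void)
{
    const size_t sizes[] = { 4000, 5100, TLS_MAX_CIPHERTEXT };
    size_t len;
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        rec_status s = check_record(SAMPLE_HDR, sizeof SAMPLE_HDR, sizes[i], &len);
        printf("buffer %5zu, record %zu: %s\n", sizes[i], len,
               s == REC_OK ? "fits" : "rejected");
    }
    return 0;
}
```

A buffer sized to the protocol maximum accepts any legal record; a smaller one has to be at least as large as the biggest record the server sends during the handshake.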