Chat: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE, TLS (SSL) negotiation failed #615
rathnamachary asked this question in Q&A (Unanswered)
-
Running openssl s_client on my own greengrass install, the output looks largely similar with one glaring exception. Your output includes:
IMO, you need to engage the greengrass team on how to solve this; it looks like a nucleus configuration or provisioning (cert) problem.
-
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ python3 basic_discovery.py --thing_name device2 --topic 'clients/device2/message' --message 'Hello World!' --ca_file /data/greengrass_client_cert/AmazonRootCA1.pem --cert /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-certificate.pem.crt --key /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-private.pem.key --region ap-northeast-1 --verbosity Warn
Performing greengrass discovery...
[WARN] [2025-04-08T08:48:22Z] [00007f651e7fc700] [http-connection] - static: Unrecognized ALPN protocol. Assuming HTTP/1.1
awsiot.greengrass_discovery.DiscoverResponse(gg_groups=[awsiot.greengrass_discovery.GGGroup(gg_group_id='greengrassV2-coreDevice-app_GreengrassQuickStartCore-195fac51d97', cores=[awsiot.greengrass_discovery.GGCore(thing_arn='arn:aws:iot:ap-northeast-1:888577031100:thing/app_GreengrassQuickStartCore-195fac51d97', connectivity=[awsiot.greengrass_discovery.ConnectivityInfo(id='10.10.1.194', host_address='10.10.1.194', metadata='', port=8883)])], certificate_authorities=['-----BEGIN CERTIFICATE-----\nMIID1TCCAr2gAwIBAgIVAI8Q4S2PJcaSqO+9A4OuxHZlHRXGMA0GCSqGSIb3DQEB\nCwUAMIGJMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPQW1hem9uLmNvbSBJbmMuMRww\nGgYDVQQLDBNBbWF6b24gV2ViIFNlcnZpY2VzMRMwEQYDVQQIDApXYXNoaW5ndG9u\nMRAwDgYDVQQHDAdTZWF0dGxlMRswGQYDVQQDDBJHcmVlbmdyYXNzIENvcmUgQ0Ew\nHhcNMjUwNDA1MTQxODM4WhcNMzAwNDA0MTQxODM4WjCBiTELMAkGA1UEBhMCVVMx\nGDAWBgNVBAoMD0FtYXpvbi5jb20gSW5jLjEcMBoGA1UECwwTQW1hem9uIFdlYiBT\nZXJ2aWNlczETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEb\nMBkGA1UEAwwSR3JlZW5ncmFzcyBDb3JlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAjLYgzVfGYczDsBTGD2hg7u0Kn4O5XPpi07TO/HVsyyuPoMLM\nCKeuVdxQoSYGf2p+KVO4KUHrNhIUq9YYcTs0sdMIgU+Lzwac8RFQOtQgRatS2syy\n93aQWfzKT+mtizXsnxLOA1lnPmRif848cg+XlwiEjOY777YilU5TZwf0QK94rMN+\nczMuIQPTMoPCWeUGMjK8QucOI0IPJ0YOC95qj/7GjejU1jVqBUGbCI1aSSlxOWZD\n56BE9t/P9ptjQCzybPbz2Z/SJURQyV0Dx91ttPWjVhoTd+ruI9Jp1mqVutQ8X7AW\n01Tix6vt7xQGK2uHdMbn3y909c9xZUrRYOd9rwIDAQABozIwMDAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBR02Nvb1K48b1Pn2fwIGJ9/80en6DANBgkqhkiG9w0B\nAQsFAAOCAQEAC0tMY9Ya2GngosyBLMT8s8AF9Mi7Xw2hNUqrcxdidEIRt3bf/Dll\n2UGg0VStQDWI6HtemBjw+B0U7BQsUWZvz54fcey2ExV87NJAt8BtbdVJbus0cyvs\nA02QRPGF5HckBhyw9EtWZw7KwMeMPJvKbwFVlMkKrowe5hBucsNmUerFYzDxLyfb\nWbRGNxjxtkuwIzo9E6GlGseuJEwoQtFxpHeEZIJY4vLXB1ISuR4z6X5XVXULcHtS\n12ewiRLP+FQKHHvbMlwzBlMp1MKqt0DS5tKZXTn8B/21ExUO03Tci1PUuVcmmdpY\nTirHw8y873LkgaSL3rcu6DOe6e5lci0hkQ==\n-----END CERTIFICATE-----\n'])])
Trying core arn:aws:iot:ap-northeast-1:888577031100:thing/app_GreengrassQuickStartCore-195fac51d97 at host 10.10.1.194 port 8883
[WARN] [2025-04-08T08:48:23Z] [00007f651ffff700] [tls-handler] - id=0x7f6510011c90: negotiation failed with error Certificate is untrusted (Error encountered in /aws-crt-python/crt/s2n/tls/s2n_x509_validator.c:229)
Connection failed with exception AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed
All connection attempts failed
[ERROR] [2025-04-08T08:48:41Z] [00007f65267ea740] [mqtt-client] - id=0x1957610: Connection is not open, and may not be closed
tried below:
PFA.
1)
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ openssl verify -CAfile /data/greengrass_client_cert2/AmazonRootCA1.pem /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-certificate.pem.crt &>verycert.txt
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ openssl s_client -showcerts -connect localhost:8883 &>showcert.txt
verycert.txt
showcert.txt
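The "Certificate is untrusted" warning in the log above can be checked outside the SDK. The following is an added example, not part of the original thread or of the SDK: it pulls the group CA out of a saved copy of the printed DiscoverResponse and attempts a handshake with the core trusting only that CA. The names `extract_group_cas` and `check_core_trust` and the sample data are hypothetical and constructed, and hostname checking is disabled as an assumption so that only chain trust is tested.

```python
import re
import socket
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

# Constructed sample: a shortened DiscoverResponse repr with placeholder
# (non-decodable) certificate bodies, shaped like the printed output above.
SAMPLE = ("DiscoverResponse(gg_groups=[GGGroup(certificate_authorities=["
          "'-----BEGIN CERTIFICATE-----\\nAAAA\\nBBBB\\n"
          "-----END CERTIFICATE-----\\n', "
          "'-----BEGIN CERTIFICATE-----\\nCCCC\\n"
          "-----END CERTIFICATE-----\\n'])])")

def extract_group_cas(printed):
    """Return the PEM CA certs embedded in a printed DiscoverResponse."""
    # The printed repr shows newlines as the two characters backslash + n.
    text = printed.replace("\\n", "\n")
    return [m.group(0) + "\n" for m in PEM_RE.finditer(text)]

def check_core_trust(host, port, ca_pems, timeout=5.0):
    """Handshake with the core trusting only ca_pems; return (status, detail)."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False  # assumption: isolate chain trust only
        ctx.load_verify_locations(cadata="".join(ca_pems))
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return "trusted", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # The server's chain does not lead to any of the supplied CAs.
        return "untrusted", f"{exc.verify_code}: {exc.verify_message}"
    except (OSError, ValueError) as exc:
        # Refused connection, unusable CA data, or the core rejecting a client
        # that presented no device certificate: not a chain-trust verdict.
        return "error", str(exc)

if __name__ == "__main__":
    # usage: python3 check_core_ca.py <saved-discovery-output.txt> <host> <port>
    if len(sys.argv) == 4:
        with open(sys.argv[1]) as fh:
            cas = extract_group_cas(fh.read())
        print(len(cas), "group CA(s);",
              check_core_trust(sys.argv[2], int(sys.argv[3]), cas))
    else:
        print(len(extract_group_cas(SAMPLE)), "CA(s) in constructed sample")
```

An "untrusted" result reproduces the SDK's failure independently of the SDK, while "error" means the handshake ended for another reason and says nothing about the CA.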