Chat: AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE, TLS (SSL) negotiation failed #615
Unanswered
rathnamachary
asked this question in
Q&A
-
Running openssl s_client on my own greengrass install, the output looks largely similar with one glaring exception. Your output includes:
IMO, you need to engage the greengrass team on how to solve this; it looks like a nucleus configuration or provisioning (cert) problem.
-
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ python3 basic_discovery.py --thing_name device2 --topic 'clients/device2/message' --message 'Hello World!' --ca_file /data/greengrass_client_cert/AmazonRootCA1.pem --cert /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-certificate.pem.crt --key /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-private.pem.key --region ap-northeast-1 --verbosity Warn
Performing greengrass discovery...
[WARN] [2025-04-08T08:48:22Z] [00007f651e7fc700] [http-connection] - static: Unrecognized ALPN protocol. Assuming HTTP/1.1
awsiot.greengrass_discovery.DiscoverResponse(gg_groups=[awsiot.greengrass_discovery.GGGroup(gg_group_id='greengrassV2-coreDevice-app_GreengrassQuickStartCore-195fac51d97', cores=[awsiot.greengrass_discovery.GGCore(thing_arn='arn:aws:iot:ap-northeast-1:888577031100:thing/app_GreengrassQuickStartCore-195fac51d97', connectivity=[awsiot.greengrass_discovery.ConnectivityInfo(id='10.10.1.194', host_address='10.10.1.194', metadata='', port=8883)])], certificate_authorities=['-----BEGIN CERTIFICATE-----\nMIID1TCCAr2gAwIBAgIVAI8Q4S2PJcaSqO+9A4OuxHZlHRXGMA0GCSqGSIb3DQEB\nCwUAMIGJMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPQW1hem9uLmNvbSBJbmMuMRww\nGgYDVQQLDBNBbWF6b24gV2ViIFNlcnZpY2VzMRMwEQYDVQQIDApXYXNoaW5ndG9u\nMRAwDgYDVQQHDAdTZWF0dGxlMRswGQYDVQQDDBJHcmVlbmdyYXNzIENvcmUgQ0Ew\nHhcNMjUwNDA1MTQxODM4WhcNMzAwNDA0MTQxODM4WjCBiTELMAkGA1UEBhMCVVMx\nGDAWBgNVBAoMD0FtYXpvbi5jb20gSW5jLjEcMBoGA1UECwwTQW1hem9uIFdlYiBT\nZXJ2aWNlczETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEb\nMBkGA1UEAwwSR3JlZW5ncmFzcyBDb3JlIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC\nAQ8AMIIBCgKCAQEAjLYgzVfGYczDsBTGD2hg7u0Kn4O5XPpi07TO/HVsyyuPoMLM\nCKeuVdxQoSYGf2p+KVO4KUHrNhIUq9YYcTs0sdMIgU+Lzwac8RFQOtQgRatS2syy\n93aQWfzKT+mtizXsnxLOA1lnPmRif848cg+XlwiEjOY777YilU5TZwf0QK94rMN+\nczMuIQPTMoPCWeUGMjK8QucOI0IPJ0YOC95qj/7GjejU1jVqBUGbCI1aSSlxOWZD\n56BE9t/P9ptjQCzybPbz2Z/SJURQyV0Dx91ttPWjVhoTd+ruI9Jp1mqVutQ8X7AW\n01Tix6vt7xQGK2uHdMbn3y909c9xZUrRYOd9rwIDAQABozIwMDAPBgNVHRMBAf8E\nBTADAQH/MB0GA1UdDgQWBBR02Nvb1K48b1Pn2fwIGJ9/80en6DANBgkqhkiG9w0B\nAQsFAAOCAQEAC0tMY9Ya2GngosyBLMT8s8AF9Mi7Xw2hNUqrcxdidEIRt3bf/Dll\n2UGg0VStQDWI6HtemBjw+B0U7BQsUWZvz54fcey2ExV87NJAt8BtbdVJbus0cyvs\nA02QRPGF5HckBhyw9EtWZw7KwMeMPJvKbwFVlMkKrowe5hBucsNmUerFYzDxLyfb\nWbRGNxjxtkuwIzo9E6GlGseuJEwoQtFxpHeEZIJY4vLXB1ISuR4z6X5XVXULcHtS\n12ewiRLP+FQKHHvbMlwzBlMp1MKqt0DS5tKZXTn8B/21ExUO03Tci1PUuVcmmdpY\nTirHw8y873LkgaSL3rcu6DOe6e5lci0hkQ==\n-----END CERTIFICATE-----\n'])])
Trying core arn:aws:iot:ap-northeast-1:888577031100:thing/app_GreengrassQuickStartCore-195fac51d97 at host 10.10.1.194 port 8883
[WARN] [2025-04-08T08:48:23Z] [00007f651ffff700] [tls-handler] - id=0x7f6510011c90: negotiation failed with error Certificate is untrusted (Error encountered in /aws-crt-python/crt/s2n/tls/s2n_x509_validator.c:229)
Connection failed with exception AWS_IO_TLS_ERROR_NEGOTIATION_FAILURE: TLS (SSL) negotiation failed
All connection attempts failed
[ERROR] [2025-04-08T08:48:41Z] [00007f65267ea740] [mqtt-client] - id=0x1957610: Connection is not open, and may not be closed
Tried below:
PFA.
1)
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ openssl verify -CAfile /data/greengrass_client_cert2/AmazonRootCA1.pem /data/greengrass_client_cert2/e16cf71f9eef8971978fa9c2857404b646e4996933fdff033c0c420e2c1d1dec-certificate.pem.crt &>verycert.txt
ubuntu@HYD1WTL066:/data1/greengrass/aws-iot-device-sdk-python-v2/samples$ openssl s_client -showcerts -connect localhost:8883 &>showcert.txt
verycert.txt
showcert.txt
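Added example (not part of the original posts, and not code from the SDK or Greengrass): the "Certificate is untrusted" warning is raised while the client validates the certificate the core presents, so these shell helpers check the leaf saved in an `openssl s_client -showcerts` capture against the CA printed in `certificate_authorities`. It assumes the sample uses that discovery CA as the trust anchor for the core connection and that the core's certificate is issued directly by it; `unescape_pem`, `leaf_from_showcerts`, `core_cert_trusted` and `make_constructed_pki` are hypothetical helper names, and the test certificates are constructed locally.

```shell
#!/bin/sh
# Added example. Checks the certificate a core presents against the group CA
# from discovery. File names and certificate subjects are constructed.

# Turn a CA copied from the printed DiscoverResponse (one line with literal
# "\n" sequences) back into multi-line PEM.
unescape_pem() {
    printf '%b' "$1"
}

# Print the first certificate (the server's own) from saved
# `openssl s_client -showcerts` output.
leaf_from_showcerts() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}' "$1"
}

# Return 0 only if the leaf in s_client output $2 verifies against CA file $1.
# Returns 2 when the capture holds no certificate at all.
core_cert_trusted() {
    leaf=$(mktemp) || return 2
    leaf_from_showcerts "$2" > "$leaf"
    if [ ! -s "$leaf" ]; then rm -f "$leaf"; return 2; fi
    openssl verify -CAfile "$1" "$leaf" >/dev/null 2>&1
    rc=$?
    rm -f "$leaf"
    return "$rc"
}

# Build constructed material in directory $1: a stand-in group CA, a core
# certificate it issued, an unrelated CA, and a fake showcert.txt.
make_constructed_pki() {
    d=$1
    for ca in group other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=constructed $ca CA" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-core" \
        -keyout "$d/core.key" -out "$d/core.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/core.csr" -CA "$d/group.pem" \
        -CAkey "$d/group.key" -CAcreateserial -days 1 \
        -out "$d/core.pem" 2>/dev/null || return 1
    { echo "CONNECTED(00000003)"; cat "$d/core.pem"; echo "---"; } \
        > "$d/showcert.txt"
}
```

With real data, write the output of `unescape_pem` for the printed CA to a file and pass it, together with the saved s_client capture, to `core_cert_trusted`; a non-zero result means the core's certificate does not chain to the CA that discovery returned.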