Forums - aws iot connect error -19

su.xiu.ge
Join Date: 29 Dec 15
Posts: 4
Posted: Sun, 2018-11-18 19:01

Hello,

I tested AWS IoT device SDK version 2.1.1 on the QCA4020.OR.2.0_00048 SDK QCLI_DEMO. The reference document is "80-ya121-140_b_qca402xcdb2x_development_kit_user_guide.pdf"; I followed the steps of 6.3.16.5, but when I run the command "aws_run", the connection error is -19.

I also tested the AWS IoT device SDK version 2.1.1 shadow example on another laptop (Linux). The shadow example runs successfully; it can connect with the cloud and update the values.

I have used the same thing name, hostname, cert, etc. information in the above test cases.

What should I check further to find out the reason for error -19?

My AWS IoT manage policy is:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-1:xxx:topic/test"
    }
  ]
}

Thanks,

Xiuge

 

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Mon, 2018-11-19 10:04

Error -19 is returned when the root certificate is invalid.
However, based on your analysis, the AWS connection is working fine with the Linux box. Can you try to set the AWS params again and execute the aws_run command?

Kindly provide us the console logs. We assume the issue might be sporadic, so kindly try multiple cycles of setting params, JSON key values and aws_run to confirm the issue.

su.xiu.ge
Join Date: 29 Dec 15
Posts: 4
Posted: Tue, 2018-11-20 00:27

Hi Raja,

You are right, it's the root CA issue.

I downloaded the root CA when I created the thing.

The instruction (on Amazon when creating a thing) is:

You also need to download a root CA for AWS IoT:
A root CA for AWS IoT: Download

The link is here: https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-ce...

I downloaded the first CA, "RSA 2048 bit key: Amazon Root CA 1", and used it to test; the AWS connection then got an error when running aws_run. However, the original AWS IoT device SDK on Linux can work with this root CA 1; that's the reason I didn't suspect the root CA at first. Could you help explain the reason?

By the way, I have got another root CA from others, and the QCA4020 AWS connection is successful.

Thanks,

Xiuge

 

 

c_rpedad
Join Date: 18 Jun 18
Location: San Jose
Posts: 317
Posted: Tue, 2018-11-27 16:10

Can you try with the legacy root CA and confirm the issue is still seen?

RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate https://www.symantec.com/content/en/us/enterprise/verisign/roots/VeriSig...

su.xiu.ge
Join Date: 29 Dec 15
Posts: 4
Posted: Thu, 2018-12-20 01:28

Thanks, the issue has been solved with the correct root CA.

ben.olivier
Join Date: 23 Jul 19
Posts: 4
Posted: Fri, 2019-09-13 03:43

Hello,

I am getting the same error (-19) with my root CA. I tried using the one linked here but it didn't solve the issue for me.

One thing I'm not sure I understand is the expected 'single line statement' format.

Another question would be the line return format (Windows, Linux, none?). I tried several but I'm not sure which one is expected.

Please find below how I currently declare it:

static const uint8_t aws_root_ca[] =
        "-----BEGIN CERTIFICATE-----\n"
        "MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCB\n"
        "yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL\n"
        "ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp\n"
        "U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW\n"
        "ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0\n"
        "aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCByjEL\n"
        "MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW\n"
        "ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2ln\n"
        "biwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJp\n"
        "U2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9y\n"
        "aXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1\n"
        "nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbex\n"
        "t0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIz\n"
        "SdhDY2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQG\n"
        "BO+QueQA5N06tRn/Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+\n"
        "rCpSx4/VBEnkjWNHiDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/\n"
        "NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E\n"
        "BAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAH\n"
        "BgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy\n"
        "aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKv\n"
        "MzEzMA0GCSqGSIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzE\n"
        "p6B4Eq1iDkVwZMXnl2YtmAl+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y\n"
        "5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKEKQsTb47bDN0lAtukixlE0kF6BWlK\n"
        "WE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiCKm0oHw0LxOXnGiYZ\n"
        "4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vEZV8N\n"
        "hnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\n"
        "-----END CERTIFICATE-----\n";

I also tried with other line ending formats, as well as the whole string on a single line (why would it matter?).

Thanks for your help,
Best regards,
Ben
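
An added example, not part of the original post and not Qualcomm or AWS SDK code: a host-side C check for the formatting questions raised above (line-ending style, stray characters, markers, whether the body decodes to a DER SEQUENCE). It does not determine which format the QCA4020 SDK expects; `pem_report` and `pem_inspect` are hypothetical names, and the sample string is a constructed placeholder, not a real certificate.

```c
#include <stdio.h>
#include <string.h>
/* Findings for one PEM block held in a C string. */
typedef struct {
    int consistent;   /* 1: markers, alphabet, padding, line endings all check out */
    int lf_lines;     /* line breaks that are "\n" only */
    int crlf_lines;   /* line breaks that are "\r\n" */
    size_t b64_len;   /* base64 characters in the body, padding included */
    int first_byte;   /* first decoded byte; 0x30 (SEQUENCE) for DER, -1 if unknown */
} pem_report;

static int b64_val(char c) {
    static const char tbl[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

pem_report pem_inspect(const char *pem) {
    static const char BEGIN[] = "-----BEGIN CERTIFICATE-----";
    static const char END[] = "-----END CERTIFICATE-----";
    pem_report r = {0, 0, 0, 0, -1};
    const char *p, *end = strstr(pem, END);
    int v0 = -1, v1 = -1, pad = 0;
    if (strncmp(pem, BEGIN, sizeof BEGIN - 1) != 0 || !end) return r;
    for (p = pem + sizeof BEGIN - 1; p < end; p++) {
        if (*p == '\n') {
            if (p[-1] == '\r') r.crlf_lines++; else r.lf_lines++;
        } else if (*p == '\r') {
            if (p[1] != '\n') return r;          /* bare CR */
        } else if (*p == '=') {
            pad++; r.b64_len++;
        } else {
            int v = b64_val(*p);
            if (v < 0 || pad) return r;          /* space, tab, stray byte, data after '=' */
            if (r.b64_len == 0) v0 = v; else if (r.b64_len == 1) v1 = v;
            r.b64_len++;
        }
    }
    if (v1 >= 0) r.first_byte = (v0 << 2) | (v1 >> 4);
    r.consistent = r.b64_len > 0 && r.b64_len % 4 == 0 && pad <= 2
        && r.first_byte == 0x30 && !(r.lf_lines && r.crlf_lines);
    return r;
}

int main(void) {
    /* Constructed placeholder body, not a real certificate. */
    pem_report r = pem_inspect("-----BEGIN CERTIFICATE-----\nMIIBAAAA\n-----END CERTIFICATE-----\n");
    printf("consistent=%d lf=%d crlf=%d b64=%zu\n", r.consistent, r.lf_lines, r.crlf_lines, r.b64_len);
}
```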
 
 
ben.olivier
Join Date: 23 Jul 19
Posts: 4
Posted: Fri, 2019-09-13 06:30

Hello,

I've finally been able to make it work, using another CA from Amazon: 

- ECC 256 bit key: Amazon Root CA 3.

It's available on this page: https://docs.aws.amazon.com/iot/latest/developerguide/managing-device-certs.html

Would you know why it didn't work with the first two certificates used? They are the following, from the same page:

- RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate

- RSA 2048 bit key: Amazon Root CA 1.

Obviously one of the differences seems to be the key format, ECC 256 bit vs RSA 2048 bit. Is it something in the configuration when storing the certificate that needs to be done differently?

Thanks for your help,

Best regards,

Ben
