Cloud connector does not connect to Azure IoT Hub #116

Open
mikehaller opened this issue Jun 19, 2023 · 3 comments
Labels
bug Something isn't working

Comments

@mikehaller
Contributor

When running sdv-provision, creating device certificates and registering a new device in Azure IoT Hub, it prints the following error message when running the cloudconnector container:

2023/06/19 07:46:52.869238  [azure-connector]  ERROR  Cannot connect to Hub client_id=52-54-00-12-34-56 err="network Error : x509: certificate signed by unknown authority" mqtt_url=tls://<...>.azure-devices.net:8883

It seems the --caCert=iothub.crt argument for cloud connector is the wrong CA cert for Azure.
Documentation or default configuration should be updated.

@mikehaller mikehaller added the bug Something isn't working label Jun 19, 2023
@antaradey-itk

antaradey-itk commented Jun 21, 2023

Hello,

This error still seems to persist even after manual + sdv-provision.

cloudconn_err_invalid_cert

Steps followed:

  1. Followed the steps mentioned below to create rootca and signed it with the subca.
    https://learn.microsoft.com/en-us/azure/iot-hub/tutorial-x509-test-certs?tabs=linux
  2. Generated subca.crt
  3. Transferred subca.crt to /data/var/certificates/.
  4. Added the .pem certificates of the rootca, subca and device (all for testing) to Azure IoT certificates section.
  5. Mounted this file to cloudconnector container.
    "mount_points": [
      {
        "source": "/data/var/certificates/subca.crt",
        "destination": "/app/subca.crt",
        "propagation_mode": "rprivate"
      },
      {
        "source": "/data/var/certificates/device.crt",
        "destination": "/device.crt",
        "propagation_mode": "rprivate"
      },
      {
        "source": "/data/var/certificates/device.key",
        "destination": "/device.key",
        "propagation_mode": "rprivate"
      }
    ]
  6. Configured
    "config": {
      ...
      "CA_CERT_PATH=/app/subca.crt"
      ...
    }
  7. Run sdv-provision to generate X509 thumbprints. Added the device ID and thumbprints to Azure new device.
  8. Restart cloud container.

Note: I see that the sdv-provision is automating the device certificate generation. On comparing the sdv-provision script and Azure client device certificate generation process, I was wondering if the following command is missing:

image.

I also tried creating my own device certificates and used them directly in the Kanto manifest to restart the containers. Also tried with manual creation of thumbprints using OpenSSL.

@vasilvas99
Contributor

It seems that the issue might be related to this certificate expiring: https://github.com/eclipse-leda/leda-contrib-cloud-connector/blob/main/resources/iothub.crt
It gets built into the container and the last build was more than 10 months ago.
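
A local check for the two hypotheses raised in this thread (a CA file that does not contain the hub's issuer, and a CA file with expired entries), added here as an example and not taken from the thread or from the cloud connector's code. It uses Go's `crypto/x509`, whose error text matches the log line above; the helper names `issue` and `diagnose`, the host name `hub.example.net` and all certificates are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate for cn (hypothetical helper); parent == nil yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey, notAfter time.Time) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.Add(-48 * time.Hour), NotAfter: notAfter, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil { // self-signed root: it is its own issuer and signs with its own key
		tpl.KeyUsage, parent, pkey = x509.KeyUsageCertSign, tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// diagnose loads a CA file as the trust pool, lists its expired entries, and verifies leaf against it.
func diagnose(caPEM []byte, leaf *x509.Certificate, now time.Time) (expired []string, err error) {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(caPEM)
	for b, rest := pem.Decode(caPEM); b != nil; b, rest = pem.Decode(rest) {
		if c, perr := x509.ParseCertificate(b.Bytes); perr == nil && now.After(c.NotAfter) {
			expired = append(expired, c.Subject.CommonName)
		}
	}
	_, err = leaf.Verify(x509.VerifyOptions{Roots: pool, CurrentTime: now})
	return expired, err
}

func main() {
	now := time.Now()
	ca, caKey, caPEM := issue("Constructed Hub Root", nil, nil, now.Add(24*time.Hour))
	_, _, stalePEM := issue("Constructed Stale Root", nil, nil, now.Add(-time.Hour))
	leaf, _, _ := issue("hub.example.net", ca, caKey, now.Add(time.Hour))
	fmt.Println(diagnose(caPEM, leaf, now))    // CA file holds the issuer: nothing expired, no error
	fmt.Println(diagnose(stalePEM, leaf, now)) // unrelated, expired CA file: entry listed, unknown authority
}
```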

@kowshikk2

Is there any work-around for the cloud-connector to work?
