Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Custom CA

See original GitHub issue

Following the guide http://docs.aws.amazon.com/iot/latest/developerguide/iot-dg.pdf, I’m trying to use my own CA (self signed according to the instruction in the guide) to issue certificates.

This is the error I am getting:

Error: unable to get local issuer certificate
    at Error (native)
    at TLSSocket.<anonymous> (_tls_wrap.js:1065:38)
    at emitNone (events.js:80:13)
    at TLSSocket.emit (events.js:179:7)
    at TLSSocket._init.ssl.onclienthello.ssl.oncertcb.TLSSocket._finishInit (_tls_wrap.js:593:8)
    at TLSWrap.ssl.onclienthello.ssl.oncertcb.ssl.onnewsession.ssl.onhandshakedone (_tls_wrap.js:425:38)

Issue Analytics

State:
Created 7 years ago
Reactions:1
Comments:6

Top GitHub Comments

1reaction

mcollinacommented, Apr 28, 2016

I think I found the issue. the rootCA.pem is always the same as it is the certificate used to verify AWS IoT MQTT broker.

0reactions

dushyantbangalcommented, Jul 25, 2018

I got this issue when I was using the VeriSign Class 3 Public Primary G5 root CA certificate (which I got when I registered thing in us-east-2) instead of Amazon Root CA 1 (which I got when I registered thing in ap-south-1) I think they are using different rootCa for different regions, so even if you have one downloaded already,you need to make sure thats the one they give you when you use the “One Click Certificate creation”