Connection error for IoS connection to AWS IoT

Question

I am trying to connect an IoS app to AWS IoT.

I have set up authentication using an X.509 certificate, which is an X12 bundle containing the private key and certificate for an AWS IoT certificate connected to a policy which should allow all connection, all posts and all subscriptions (I have set the ‘resource’ to * for all of these). It also contains the AmazonRootCA certificate for my root user.

I have tested these certificates connect using the openssl command described here https://docs.aws.amazon.com/iot/latest/developerguide/diagnosing-connectivity-issues.html, which works, and I have tested that I can post to the IoT endpoint using MQQT using mosquitto from the command line. Both of these work fine.

When I import the certificates using AWSIoTManager.importIdentity there are no errors, but when I go to connect using either iotDataManager.connectUsingALPN or iotDataManager.connect it says the connection is invalid (specifically there is an error in connection_block_invoke_2).

Any help on this would be greatly appreciated! I assume it’s some kind of permissions based problem, or an issue with the policy?

re:Post Agent · Answer

Based on your description, there are several potential causes for your connection issue with AWS IoT from your iOS app:

1. Certificate Status: Even though your certificate works with OpenSSL and Mosquitto, ensure that the certificate is marked as "Active" in the AWS IoT console. Inactive certificates will be refused connection even if the policy is correct.

2. Policy Issues: While you've set up a policy with broad permissions (using "*" as the resource), there might still be issues with how the policy is attached to your certificate. Double-check that the policy is properly attached to the certificate you're using.

3. Certificate Format: When importing certificates into iOS using AWSIoTManager.importIdentity, the format needs to be correct. The X12 bundle format you mentioned should work, but verify that the iOS app is correctly extracting and using the certificates from this bundle.

4. Authentication Flow: iOS apps connecting to AWS IoT require proper mutual TLS authentication. Make sure your app is correctly implementing the TLS handshake process with the certificate and private key.

5. Endpoint Configuration: Verify that you're using the correct AWS IoT endpoint in your iOS app. The endpoint should be in the format "[account-specific-prefix]-ats.iot.[region].amazonaws.com".

6. Time Synchronization: TLS handshakes require accurate time. Ensure your device's time is correctly synchronized.

Since you've confirmed the certificates work with other tools, the issue is likely specific to how your iOS app is implementing the connection. Check your implementation against the AWS IoT SDK for iOS documentation, particularly focusing on how certificates are loaded and used during the connection process.  
**Sources**  
[Troubleshoot problems with the sample application - AWS IoT Core](https://docs.aws.amazon.com/iot/latest/developerguide/gs-device-troubleshoot.html)  
[ESP32 Fails to Connect to AWS IoT Core via MQTT (TLS Handshake Error) | AWS re:Post](https://repost.aws/questions/QU4Iuork20TSqIR7BtslETLA/esp32-fails-to-connect-to-aws-iot-core-via-mqtt-tls-handshake-error)  
[AUTHORIZATION_FAILURE IoT Core | AWS re:Post](https://repost.aws/questions/QUk4TuNx-rSnG19UoM4MlY4A/authorization-failure-iot-core)  
[Diagnosing connectivity issues - AWS IoT Core](https://docs.aws.amazon.com/iot/latest/developerguide/diagnosing-connectivity-issues.html)

Connection error for IoS connection to AWS IoT

Add your answer

Relevant content