尝试连接到AWS IoT时出现无法获取本地颁发者证书(_ssl.c:1056)的获取错误 [英] Getting Error unable to get local issuer certificate (_ssl.c:1056) when trying to connect to AWS IoT
本文介绍了尝试连接到AWS IoT时出现无法获取本地颁发者证书(_ssl.c:1056)的获取错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
尝试连接到AWS IoT时出现以下错误
myAWSIoTMQTTShadowClient.connect()
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 1271, in connect
return self._AWSIoTMQTTClient.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/MQTTLib.py", line 513, in connect
return self._mqtt_core.connect(keepAliveIntervalSecond)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 196, in connect
self.connect_async(keep_alive_sec, self._create_blocking_ack_callback(event))
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 223, in connect_async
raise e
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/mqtt_core.py", line 211, in connect_async
rc = self._internal_async_client.connect(keep_alive_sec, ack_callback)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/internal/clients.py", line 122, in connect
rc = self._paho_client.connect(host, port, keep_alive_sec)
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 665, in connect
return self.reconnect()
File "/usr/local/lib/python3.7/dist-packages/AWSIoTPythonSDK/core/protocol/paho/client.py", line 826, in reconnect
ciphers=self._tls_ciphers)
File "/usr/lib/python3.7/ssl.py", line 1222, in wrap_socket
suppress_ragged_eofs=suppress_ragged_eofs
File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
session=session
File "/usr/lib/python3.7/ssl.py", line 853, in _create
self.do_handshake()
File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)
我尝试了在这里找到的几种方法,包括https://timonweb.com/tutorials/fixing-certificate_verify_failed-error-when-trying-requests_html-out-on-mac/
但似乎什么都不管用。我正在使用Python 3运行Raspbian Linux
正在运行的命令
python3 Script.py --endpoint "aws endpoint" --rootCA /etc/ssl/certs/AmazonRootCA1.pem --cert /greengrass/certs/RPI-certificate.pem.crt --key /greengrass/certs/RPI-private.pem.key --thingName RaspberryPi --clientId RaspberryPi
还有没有人有其他推荐?
推荐答案
我今天第一次尝试PI IoT SDK时也看到了这个完全相同的错误。
在我的示例中,我使用的是Amazon根CA(RSA 2048)证书(按照Amazon的指示)。通过切换到VeriSign Class 3 Public Primary G5根CA证书(也在其网站上公布),连接正常。
因此,请尝试使用VeriSign Endpoint(旧版)从https://docs.aws.amazon.com/iot/latest/developerguide/server-authentication.html
AWS IoT文档链接到的根证书这篇关于尝试连接到AWS IoT时出现无法获取本地颁发者证书(_ssl.c:1056)的获取错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
