Search code examples
amazon-web-servicesmqttiotaws-iot

MQTT.fx can't connect to AWS IoT (MqttException)

I am trying to follow this tutorial https://circuitdigest.com/tutorial/getting-started-with-amazon-aws-for-iot-projects

I did the all steps again and again but I can't get rid of MqttException error when click on "Connect" button in MQTT.fx.

I download the certificates from AWS IoT and keep them in C:\temp folder. I also checked log tab in MQTT.fx here you can see that below. Do you have any idea about how to solve it?

Thanks a lot!

2020-10-09 10:40:28,043 ERROR --- MqttFX ClientModel : Please verify your Settings (e.g. Broker Address, Broker Port & Client ID) and the user credentials! org.eclipse.paho.client.mqttv3.MqttException: MqttException at org.eclipse.paho.client.mqttv3.internal.ExceptionHelper.createMqttException(ExceptionHelper.java:38) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:715) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) ~[?:1.8.0_162] at java.util.concurrent.FutureTask.run(Unknown Source) ~[?:1.8.0_162] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(Unknown Source) ~[?:1.8.0_162] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source) ~[?:1.8.0_162] at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:1.8.0_162] at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_162] at java.lang.Thread.run(Unknown Source) [?:1.8.0_162] Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:108) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:701) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] ... 7 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:1.8.0_162] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[?:1.8.0_162] at sun.security.validator.Validator.validate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:108) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:701) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] ... 7 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) ~[?:1.8.0_162] at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) ~[?:1.8.0_162] at java.security.cert.CertPathBuilder.build(Unknown Source) ~[?:1.8.0_162] at sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:1.8.0_162] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[?:1.8.0_162] at sun.security.validator.Validator.validate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.Handshaker.process_record(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) ~[?:1.8.0_162] at org.eclipse.paho.client.mqttv3.internal.SSLNetworkModule.start(SSLNetworkModule.java:108) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] at org.eclipse.paho.client.mqttv3.internal.ClientComms$ConnectBG.run(ClientComms.java:701) ~[org.eclipse.paho.client.mqttv3-1.2.0.jar:?] ... 7 more 2020-10-09 10:40:28,045 INFO --- ScriptsController : Clear console. 2020-10-09 10:40:28,046 ERROR --- BrokerConnectService : MqttException

Solution

  • I solved my problem. It was about downloading the wrong certificate. You can find detailed solution here.

    After you create a thing in AWS IoT, download all the 3 certificates.

    If you want to get the CA certificate which is necessary for MQTT.fx you need to go here (you will see this link under the download certificates section in AWS IoT after you create your thing) and click on RSA 2048 bit key: Amazon Root CA 1 link. New tab will be open.

    Copy and paste this certificate to your notepad. Name it Amazon_Root_CA_1.pem and select All File types when you are saving it.

    Put all the certificates in one file. I keep them under C:\temp folder.

    And finally, this is how my configuration looks like:MQTT.fx configuration

    Now MQTT.fx will work hopefully :)