
mosquitto_pub problem setting TLS options

Tags:

libmosquitto

I am following https://aws.amazon.com/blogs/iot/just-in-time-registration-of-device-certificates-on-aws-iot/ and have a problem when executing the following command:

$ mosquitto_pub --cafile root.cert --cert deviceCertAndCACert.crt --key deviceCert.key -h .iot.us-east-1.amazonaws.com -p 8883 -q 1 -t foo/bar -i anyclientID --tls-version tlsv1.2 -m "Hello" -d

It gives me the error

Error: Problem setting TLS options.

I could not find what this error means and how to fix it. Do I need to "install" TLSv1.2 on my Ubuntu 16.04? Actually there is no information on how to install TLS1.2. There is some information regarding enabling TLSv1.2 for apache or nginx, etc. Is TLSv1.2 built into Ubuntu?

Charles Ju asked Oct 17 '22 23:10


2 Answers

It's not a very useful error message. I found I was getting it when I had a misspelled filename, in my case in the --key option. Make sure you download the AWS root.cert file per the instructions. You also do not show a value for the host name, but I assume that is because you are redacting that value. You will need to have the correct AWS IoT Endpoint hostname for your account.

evenchayah answered Oct 21 '22 03:10


This is still an open issue in the Mosquitto GitHub repository. The error message is not clear.

If you're following their JITR or JITP (the new way of auto-provisioning AWS IoT resources like certificates, policies, things, etc.), you should use the latest and preferred certificates. The one in the tutorial is the legacy certificate, which is the VeriSign Class 3 Public Primary G5 root CA certificate.

You should use the ATS CA certificates, like this one with an RSA 2048-bit key: Amazon Root CA 1. (Download it and save it as root.cert.) That should fix your issue with Error: Problem setting TLS options.

Joshua Tonga answered Oct 21 '22 03:10
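
Added example (not from the question, either answer, or the Mosquitto project): both answers trace the error to the files passed to `--cafile`, `--cert` and `--key`, so this preflight reports which file is missing or holds the wrong kind of PEM block before `mosquitto_pub` is run. The function names `check_pem`, `preflight` and `make_samples` are hypothetical, and the sample files are constructed placeholders, not real certificates or keys.

```shell
#!/bin/sh
# Added example: preflight the three files mosquitto_pub is given for TLS.

# check_pem ROLE FILE MARKER: succeed only if FILE exists, is readable and
# contains a PEM block whose BEGIN line ends with MARKER.
check_pem() {
    role=$1; file=$2; marker=$3
    if [ ! -e "$file" ]; then
        echo "$role: '$file' not found (misspelled filename?)"; return 1
    fi
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "$role: '$file' is not a readable regular file"; return 1
    fi
    if ! grep -q -e "-----BEGIN .*$marker-----" "$file"; then
        echo "$role: '$file' contains no PEM $marker block"; return 1
    fi
    echo "$role: '$file' looks usable"
}

# preflight CAFILE CERT KEY: exit status is the number of files that failed.
preflight() {
    failures=0
    check_pem cafile "$1" "CERTIFICATE" || failures=$((failures + 1))
    check_pem cert   "$2" "CERTIFICATE" || failures=$((failures + 1))
    check_pem key    "$3" "PRIVATE KEY" || failures=$((failures + 1))
    return "$failures"
}

# Constructed sample files (placeholder bodies, not real key material).
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$dir/root.cert"
    cp "$dir/root.cert" "$dir/deviceCertAndCACert.crt"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----' > "$dir/deviceCert.key"
    echo "$dir"
}

d=$(make_samples)
# The key name is misspelled on purpose ("devceCert.key"): one failure expected.
preflight "$d/root.cert" "$d/deviceCertAndCACert.crt" "$d/devceCert.key" || echo "failed files: $?"
rm -rf "$d"
```

The check covers file presence and PEM block type only; whether the CA in `root.cert` actually validates the endpoint's certificate is a separate question.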