Unable to connect client to IoT hub with test CA certificate chain

  • Question

  • Way to produce:
    - Created Root CA and device certificate + key via the instructions in "Managing test CA certificates for samples and tutorials" found on GitHub

    - Details of the creation:

        - Certificate chain with rsa setting

        - Uploaded the generated RootCA.pem to IoT hub and verified it successfully

        - Created device certificate and key via the IoT Leaf device instructions

    - Created a Python client with the example provided in the Microsoft documentation "Communicate with your IoT hub using the MQTT protocol --> Using the MQTT protocol directly (as a device) --> TLS/SSL configuration", certificate code example of paho-mqtt

    - Set the client's certificates as follows:
        - root certificate : RootCA.pem

        - device certificate: devicename-public.pem

        - device key: devicename-private.pem

    - Ran the code and the result is: "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed"

    - No connection attempt can be seen in IoT hub

    - If the client's root certificate is replaced by the Baltimore Root CA extracted from the azure-iot-sdk-c certs.c file, then the connection succeeds. Why does the self-created RootCA.pem not work?

    Friday, April 24, 2020 12:26 PM