Home/Support/Support Forum/Cannot connect to AWS IoT
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

Cannot connect to AWS IoT

0 votes
I have followed the instructions for connecting a XBC LTE Cat 1 Verizon to AWS IoT as described here: https://github.com/digidotcom/xbee-micropython/tree/master/samples/cellular/aws

The board I'm using is the Digi XBee Cellular LTE Cat 1 Development Kit, Verizon LTE Cat 1, USA ( https://www.digi.com/products/models/xkc-v1t-u ). Verizon signal strength is 3 bars and I've successfully tested network connectivity with both the Echo server ( https://www.digi.com/resources/documentation/Digidocs/90001541/tasks/t_echo_server.htm?TocPath=Getting%20started%7C_____10 ) and the Daytime server ( https://www.digi.com/resources/documentation/Digidocs/90001541/tasks/t_daytime_server.htm?tocpath=Connection%20examples%7C_____3 )

I created a thing, attached a policy and downloaded / renamed the certificate files ( https://www.digi.com/resources/documentation/digidocs/90002219/default.htm#tasks/t_install_certificates.htm%3FTocPath%3DUse%2520AWS%2520IoT%2520from%2520MicroPython%7C_____4 ) except for the now legacy VeriSign public certificate.

Since my AWS IoT host includes the "-ats" in the hostname, I downloaded the Amazon Root CA1 (2048) from this location https://www.amazontrust.com/repository/AmazonRootCA1.pem and saved it as the aws.ca file.

When testing the certificates on a desktop with Python 3 ( https://www.digi.com/resources/documentation/digidocs/90002219/default.htm#tasks/t_test_connection.htm%3FTocPath%3DUse%2520AWS%2520IoT%2520from%2520MicroPython%7C_____5 ), it connects successfully. I receive the expected output and it works great.

However, after I upload the three files (/flash/cert/aws.key, /flash/cert/aws.crt, /flash/cert/aws.ca) with the File system Manger tool, copy and paste the Micropython version of the "test connection" code with my parameters ( https://www.digi.com/resources/documentation/digidocs/90002219/default.htm#tasks/t_test_connection.htm%3FTocPath%3DUse%2520AWS%2520IoT%2520from%2520MicroPython%7C_____5 ) and run with CTRL+D, I receive the following error:

Traceback (most recent call last):
File "<stdin>", line 37, in <module>
File "<stdin>", line 24, in https_test
OSError: [Errno 7111] ECONNREFUSED

I've tested different file paths (relative "cert/aws.key" vs absolute "/flash/cert/aws.key") without success. Uploading the key file through XCTU (securely as well as insecurely) didn't change the error message received. The three files (aws.key, aws.crt, aws.ca) are the exact same ones that work successfully in Python3 using a Juypter Notebook.

The AWS IoT policy attached to the certificate is the most permissive.

Any help is greatly appreciated!
asked Nov 26, 2018 in Python by tylerkoldenjtp New to the Community (4 points)
I have the same issue. I'm getting a slightly different error.
Traceback (most recent call last):
  File "<stdin>", line 48, in <module>
  File "<stdin>", line 36, in https_test
OSError: [Errno 7005] EIO
Same problems here did you find a solution? is it related to -ats suffex?
I got it to work once without -ats but only once.

Please log in or register to answer this question.

2 Answers

0 votes
I got mine to work.
I had to remove the -ats from the account name on the aws endpoint and use the legacy ca pem from symantec. Hope this helps.
answered Nov 30, 2018 by theguy159 New to the Community (3 points)
0 votes
Correct. You have to remove the -ats from the account name in the endpoint url. You also have to make sure that you use the legacy PEM from Symantec. I've been using it like this for about a month now. Make sure that if the device restarts, that you set up the profiles again for the socket. You don't have to reimport the certs if you don't want to.
answered Jan 7 by theguy159 New to the Community (3 points)