AWS MQTT private key form PEM to DER

marcoind · May 25, 2021, 10:19am

Hi,
I followed this post https://forums.openmv.io/t/mqtt-connection-to-aws-iot-core/1464
to connect to AWS MQTT.
I understand that the keys and cert must be binary (DER) instead of PEM
I have manage to convert the cert in DER with openssl but failed to convert the private key form PEM to DER
I’m using the following openssl command
openssl x509 -outform der -in *****-certificate.pem.crt -out *******-certificate.der
for the cert and

openssl x509 -outform der -in *********-private.pem.key -out ********-private.key.der
for the key.
Openssl sprit out the following error message for the key
Expecting: TRUSTED CERTIFICATE
Does any one manage to convert the private key from pem to der?

My micropyhton code to connect mqtt through TLS is:

KEY_PATH = "6336c81ec8-public.pem.key"
CERT_PATH = "6336c81ec8-certificate.der"
with open(KEY_PATH, 'r') as f:
    key1 = f.read()
with open(CERT_PATH, 'r') as f:
    cert1 = f.read()
client = MQTTClient(client_id="esp32",
                    server="aeyd89uk69eiz-ats.iot.us-east-2.amazonaws.com",
                    port=8883,
                    keepalive=4000,
                    ssl=True,
                    ssl_params={ "key":key1, "cert":cert1, "server_side":False })
client.connect()
print ("MQTT client conencted")

marcoind · May 26, 2021, 3:27am

OUPS!!!
My mistake…
It finally work with openssl and i succesfully connect to AWS MQTT
The openssl syntax to convert the private key from PEM to DER is:
openssl pkcs8 -topk8 -nocrypt -in <YOURPEMPRIVATEKEY> -inform PEM -out <YOURDERPRIVATEKEY> -outform DER

tim3lord · September 23, 2022, 1:24pm

Thanks, I wish there was documentation on this. I spent days trying to figure this out

tim3lord · September 23, 2022, 2:33pm

@marcoind or anyone, does MQTT work well with the latest firmware? My board seems to just timeout with no errors after very similar code as above. It seems to die on MQTT client warp_socket function.

self.sock = ussl.wrap_socket(self.sock, **ssl_params)

Any ideas as to what could be causing this?

Edit Solved below

tim3lord · September 23, 2022, 7:23pm

Update

All I needed to do was enable polices inside of AWS IOT. Messages are now coming through!

{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}

Topic		Replies	Views
MQTT connection to AWS-IOT-CORE OpenMV Products	8	2950	December 7, 2019
Periodic MQTT SSL Connection Failure (AWS IoT Core) OpenMV Products	3	442	January 8, 2023
HTTPS connections for Let's Encrypt Certs? OpenMV Products	3	659	September 3, 2020
Mqtt publish error OpenMV Products	8	268	December 9, 2022
MQTT with WiFi Shield? OpenMV Products	1	2237	April 22, 2017

AWS MQTT private key form PEM to DER

Related Topics