AWS IoT restore thing with original certificates not connecting
I create things on AWS using the AWS Node.js CLI (thing + certificate created with the API).
I have a test script that connects to the MQTT server and sends heartbeat messages; everything works.
I delete the device (deactivate certificate, detach certificate, detach policy and delete thing) to test an accidental deletion.
I try to create the thing with the previous name, but instead of creating a new certificate I upload the original certificate.pem (exactly the same certificate.pem), attach the policy and the thing (same as originally) and finally activate the certificate. No errors here, and everything looks fine in the IoT console.
But when I run the test script it cannot connect to the MQTT server (same behaviour as when the device has no certificate or has been deleted):
2021-04-23T15:02:51.204 DEBUG Device:indoor-summer connecting...
{
privateKey: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 51 49 42 41 41 4b 43 41 51 45 41 71 46 ... 1629 more bytes>,
clientCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 54 43 43 41 6b 47 67 41 77 49 42 41 67 49 55 65 58 ... 1170 more bytes>,
caCert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 51 54 43 43 41 69 6d 67 41 77 49 42 41 67 49 54 42 6d ... 1138 more bytes>,
clientId: 'indoor-summer',
host: 'XXXXXXXXXX.iot.ap-southeast-1.amazonaws.com',
debug: true,
keepalive: 300,
username: '?SDK=JavaScript&Version=2.2.6',
reconnectPeriod: 1000,
fastDisconnectDetection: true,
resubscribe: false,
protocol: 'mqtts',
port: 8883,
ca: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 51 54 43 43 41 69 6d 67 41 77 49 42 41 67 49 54 42 6d ... 1138 more bytes>,
key: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 52 53 41 20 50 52 49 56 41 54 45 20 4b 45 59 2d 2d 2d 2d 2d 0a 4d 49 49 45 70 51 49 42 41 41 4b 43 41 51 45 41 71 46 ... 1629 more bytes>,
cert: <Buffer 2d 2d 2d 2d 2d 42 45 47 49 4e 20 43 45 52 54 49 46 49 43 41 54 45 2d 2d 2d 2d 2d 0a 4d 49 49 44 57 54 43 43 41 6b 47 67 41 77 49 42 41 67 49 55 65 58 ... 1170 more bytes>,
requestCert: true,
rejectUnauthorized: true
}
attempting new mqtt connection...
connection lost - will attempt reconnection in 1 seconds...
2021-04-23T15:02:52.456 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 2 seconds...
2021-04-23T15:02:54.617 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 4 seconds...
2021-04-23T15:02:58.778 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 8 seconds...
2021-04-23T15:03:06.945 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 16 seconds...
2021-04-23T15:03:23.145 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 32 seconds...
2021-04-23T15:03:55.309 DEBUG Device:indoor-summer reconnect
connection lost - will attempt reconnection in 64 seconds...
To restore the certificate I followed: https://docs.aws.amazon.com/iot/latest/developerguide/manual-cert-registration.html (Register a client certificate without a registered CA (CLI))
Edit:
Now using the AWS console:
- Create thing
- Create certificate (one click)
- Activate
- Attach policy
- Test MQTT connection: everything works
Now:
- Delete certificate
- Upload the same 00000000-certificate.pem file
- Activate
- Test MQTT connection: fails (same messages as in the original post)
Am I missing a step?
I got an answer from AWS Support: it is not an IoT Core problem but a client library problem:
For the certificates that are registered using CA less registration (Register a client certificate without a registered CA), when connecting to AWS IoT, it must send SNI (Server Name Indication). However, for V1 AWS JS Device SDK [1], the SDK doesn't send SNI. You will need to use V2 SDK [2]
More about SNI:
https://www.globalsign.com/en/blog/what-is-server-name-indication
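The support answer above turns on whether the client puts a server_name (SNI) extension into its TLS ClientHello, which is invisible from the SDK's option dump in the question. The following is an added example, not code from the original post or from the AWS SDK: it builds a minimal ClientHello with or without the SNI extension and parses the server name back out of it, so you can see exactly where SNI lives on the wire. The host name is the placeholder from the question; the random bytes and cipher suite are constructed values. To check a real client, feed extractSni() the first chunk read from a plain net.createServer() socket that the device has been pointed at.

```javascript
// Added example (not from the original post or the AWS SDK).
// Builds a minimal TLS 1.2 ClientHello, optionally carrying the
// server_name (SNI) extension, and extracts the SNI host from one.

function u16(n) {
  const b = Buffer.alloc(2);
  b.writeUInt16BE(n, 0);
  return b;
}

function u24(n) {
  const b = Buffer.alloc(3);
  b.writeUIntBE(n, 0, 3);
  return b;
}

// serverName: string to send as SNI, or null to omit the extension
// (the behaviour the V1 SDK was reported to have).
function buildClientHello(serverName) {
  let extensions = Buffer.alloc(0);
  if (serverName !== null) {
    const name = Buffer.from(serverName, 'ascii');
    // ServerName entry: name_type host_name(0), 2-byte length, name
    const entry = Buffer.concat([Buffer.from([0x00]), u16(name.length), name]);
    // server_name_list: 2-byte list length followed by the entries
    const list = Buffer.concat([u16(entry.length), entry]);
    // extension: type 0x0000 (server_name), 2-byte length, data
    extensions = Buffer.concat([u16(0x0000), u16(list.length), list]);
  }
  const body = Buffer.concat([
    Buffer.from([0x03, 0x03]),          // client_version: TLS 1.2
    Buffer.alloc(32, 0x42),             // random (constructed, fixed bytes)
    Buffer.from([0x00]),                // session_id length 0
    u16(2), Buffer.from([0xc0, 0x2f]),  // one cipher suite (ECDHE-RSA-AES128-GCM-SHA256)
    Buffer.from([0x01, 0x00]),          // compression_methods: null only
    u16(extensions.length), extensions, // extensions block (possibly empty)
  ]);
  const handshake = Buffer.concat([Buffer.from([0x01]), u24(body.length), body]); // ClientHello
  return Buffer.concat([Buffer.from([0x16, 0x03, 0x01]), u16(handshake.length), handshake]); // record
}

// Returns the SNI host name from a raw ClientHello record, or null when
// the client sent no server_name extension.
function extractSni(record) {
  if (record.length < 5 || record[0] !== 0x16) throw new Error('not a TLS handshake record');
  const recLen = record.readUInt16BE(3);
  const hs = record.subarray(5, 5 + recLen);
  if (hs.length < 4 || hs[0] !== 0x01) throw new Error('not a ClientHello');
  const hsLen = hs.readUIntBE(1, 3);
  const body = hs.subarray(4, 4 + hsLen);

  let off = 2 + 32;                    // skip client_version and random
  off += 1 + body[off];                // session_id
  off += 2 + body.readUInt16BE(off);   // cipher_suites
  off += 1 + body[off];                // compression_methods
  if (off + 2 > body.length) return null; // no extensions block at all

  const extEnd = off + 2 + body.readUInt16BE(off);
  off += 2;
  while (off + 4 <= extEnd) {
    const type = body.readUInt16BE(off);
    const len = body.readUInt16BE(off + 2);
    const data = body.subarray(off + 4, off + 4 + len);
    if (type === 0x0000) {
      let p = 2;                       // skip server_name_list length
      while (p + 3 <= data.length) {
        const nameType = data[p];
        const nameLen = data.readUInt16BE(p + 1);
        if (nameType === 0) return data.subarray(p + 3, p + 3 + nameLen).toString('ascii');
        p += 3 + nameLen;
      }
    }
    off += 4 + len;
  }
  return null;
}

// Stand-alone demonstration with the placeholder endpoint from the question.
const ENDPOINT = 'XXXXXXXXXX.iot.ap-southeast-1.amazonaws.com';
console.log('with SNI:   ', extractSni(buildClientHello(ENDPOINT)));
console.log('without SNI:', extractSni(buildClientHello(null)));

module.exports = { buildClientHello, extractSni };
```

A broker that selects the trust configuration per endpoint name, which is what the CA-less registration path depends on here, has nothing to select on when the extension is absent, so the handshake fails before the client certificate is ever evaluated; that is why the console shows the certificate as active and attached while the connection still drops.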