ATCA aws-iot-setup = Invalid SSL Key

  1. My goal is:

Use ATECC608B-TNGTLS for private key storage via aws-iot-setup

  2. My actions are:

mos aws-iot-setup --use-atca --atca-slot 2

  3. The result I see is:

The command appears to function correctly, generating a new private key, signing and storing cert on FS, and updating config:

*snip*

Generating ECDSA private key
ATECC608A rev 0x6003 S/N *****, config is locked, data is locked
Generating new private key in slot 2
Generating certificate request, CN: *****
Signing with slot 2...
Asking AWS for a certificate...

*snip*

Writing certificate to aws-*****.crt.pem...
Uploading aws-*****.crt.pem (1139 bytes)...

Updating config:
  aws.thing_name = 
  mqtt.enable = true
  mqtt.server = *****.amazonaws.com:8883
  mqtt.ssl_ca_cert = ca.pem
  mqtt.ssl_cert = aws-*****.crt.pem
  mqtt.ssl_cipher_suites = TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-128-GCM-SHA256
  mqtt.ssl_key = ATCA:2
Setting new configuration...

  4. My expectation & question is:

I’m expecting a successful MQTT connection, but instead I’m getting an invalid SSL key error:

mgos_mqtt_conn.c:435    MQTT0 connecting to *****.amazonaws.com:8883
mgos_event.c:135        ev MOS6 triggered 2 handlers
mongoose.c:3139         0x3ffce308 *****.amazonaws.com:8883 aws-*****.crt.pem,ATCA:2,ca.pem
mgos_vfs.c:283          aws-*****.crt.pem -> /aws-*****.crt.pem pl 1 -> 1 0x3ffc06d8 (refs 1)
mgos_vfs.c:377          open aws-*****.crt.pem 0x0 0x1b6 => 0x3ffc06d8 aws-*****.crt.pem 1 => 257 (refs 1)
mgos_vfs.c:536          fstat 257 => 0x3ffc06d8:1 => 0 (size 1139)
mgos_vfs.c:536          fstat 257 => 0x3ffc06d8:1 => 0 (size 1139)
mgos_vfs.c:564          lseek 257 0 1 => 0x3ffc06d8:1 => 0
mgos_vfs.c:564          lseek 257 1024 0 => 0x3ffc06d8:1 => 1024
mgos_vfs.c:564          lseek 257 0 0 => 0x3ffc06d8:1 => 0
mgos_vfs.c:410          close 257 => 0x3ffc06d8:1 => 0 (refs 0)
mgos_vfs.c:283          ATCA:2 -> /ATCA:2 pl 1 -> 1 0x3ffc06d8 (refs 1)
mgos_vfs.c:377          open ATCA:2 0x0 0x1b6 => 0x3ffc06d8 ATCA:2 -1 => -1 (refs 0)
mongoose.c:2376         0x3ffce308 0x0 1
mgos_mqtt_conn.c:450    Error: Invalid SSL key
mgos_mqtt_conn.c:519    MQTT0 connecting after 1848 ms

It appears to be reading the certificate off the FS but it also appears to be trying to read a file named ATCA:2 from the FS.

The result is the same using either 2.20.0 or latest. Any ideas on how to make this succeed?

Your chip reading seems to be failing. I’m not familiar with this so I can’t help any further.
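A small triage script for the symptom described in the question, added here as an example and not part of the original thread or of Mongoose OS: it reads debug log lines in the format shown above and flags when the TLS key argument is an `ATCA:<slot>` reference that was nonetheless passed to a VFS `open`. The sample log is constructed (host and file names are placeholders), and treating a negative `open` result as a failed open is an assumption based on the lines in the question.

```python
import re

# Constructed sample modelled on the log in the question; names are placeholders.
SAMPLE_LOG = """\
mgos_mqtt_conn.c:435    MQTT0 connecting to example.amazonaws.com:8883
mongoose.c:3139         0x3ffce308 example.amazonaws.com:8883 aws-dev.crt.pem,ATCA:2,ca.pem
mgos_vfs.c:377          open aws-dev.crt.pem 0x0 0x1b6 => 0x3ffc06d8 aws-dev.crt.pem 1 => 257 (refs 1)
mgos_vfs.c:377          open ATCA:2 0x0 0x1b6 => 0x3ffc06d8 ATCA:2 -1 => -1 (refs 0)
mgos_mqtt_conn.c:450    Error: Invalid SSL key
"""

# "<conn> <host:port> <cert>,<key>,<ca>" line logged before the TLS setup.
TLS_ARGS = re.compile(r"^mongoose\.c:\d+\s+\S+\s+\S+:\d+\s+([^,\s]*),([^,\s]*),([^,\s]*)$")
# VFS open line; the last "=> N" before "(refs ...)" is the returned descriptor.
VFS_OPEN = re.compile(r"^mgos_vfs\.c:\d+\s+open (\S+) .*=> (-?\d+) \(refs \d+\)$")
ATCA_REF = re.compile(r"^ATCA:(\d+)$")


def triage(log_text):
    """Summarise how the cert/key/CA arguments were handled in a debug log."""
    result = {"cert": None, "key": None, "ca": None, "opens": {}, "tls_error": None}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = TLS_ARGS.match(line)
        if m:
            result["cert"], result["key"], result["ca"] = m.groups()
            continue
        m = VFS_OPEN.match(line)
        if m:
            result["opens"][m.group(1)] = int(m.group(2))
            continue
        if "Error: Invalid SSL" in line:
            result["tls_error"] = line.split("Error: ", 1)[1]
    key = result["key"] or ""
    # A secure-element reference should not show up as a filesystem open.
    result["key_is_atca"] = bool(ATCA_REF.match(key))
    result["key_opened_as_file"] = key in result["opens"]
    result["key_open_failed"] = result["opens"].get(key, 0) < 0
    return result


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

When `key_is_atca` and `key_opened_as_file` are both true, the log shows the key reference being looked up as a file on the filesystem, which is the behaviour the question describes.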