- My goal is:
Use ATECC608B-TNGTLS for private key storage via aws-iot-setup
- My actions are:
mos aws-iot-setup --use-atca --atca-slot 2
- The result I see is:
The command appears to function correctly, generating a new private key, signing and storing cert on FS, and updating config:
*snip*
Generating ECDSA private key
ATECC608A rev 0x6003 S/N *****, config is locked, data is locked
Generating new private key in slot 2
Generating certificate request, CN: *****
Signing with slot 2...
Asking AWS for a certificate...
*snip*
Writing certificate to aws-*****.crt.pem...
Uploading aws-*****.crt.pem (1139 bytes)...
Updating config:
aws.thing_name =
mqtt.enable = true
mqtt.server = *****.amazonaws.com:8883
mqtt.ssl_ca_cert = ca.pem
mqtt.ssl_cert = aws-*****.crt.pem
mqtt.ssl_cipher_suites = TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-RSA-WITH-AES-128-GCM-SHA256
mqtt.ssl_key = ATCA:2
Setting new configuration...
- My expectation & question is:
I’m expecting a successful MQTT connection, but instead I’m getting an invalid SSL key error:
mgos_mqtt_conn.c:435 MQTT0 connecting to *****.amazonaws.com:8883
mgos_event.c:135 ev MOS6 triggered 2 handlers
mongoose.c:3139 0x3ffce308 *****.amazonaws.com:8883 aws-*****.crt.pem,ATCA:2,ca.pem
mgos_vfs.c:283 aws-*****.crt.pem -> /aws-*****.crt.pem pl 1 -> 1 0x3ffc06d8 (refs 1)
mgos_vfs.c:377 open aws-*****.crt.pem 0x0 0x1b6 => 0x3ffc06d8 aws-*****.crt.pem 1 => 257 (refs 1)
mgos_vfs.c:536 fstat 257 => 0x3ffc06d8:1 => 0 (size 1139)
mgos_vfs.c:536 fstat 257 => 0x3ffc06d8:1 => 0 (size 1139)
mgos_vfs.c:564 lseek 257 0 1 => 0x3ffc06d8:1 => 0
mgos_vfs.c:564 lseek 257 1024 0 => 0x3ffc06d8:1 => 1024
mgos_vfs.c:564 lseek 257 0 0 => 0x3ffc06d8:1 => 0
mgos_vfs.c:410 close 257 => 0x3ffc06d8:1 => 0 (refs 0)
mgos_vfs.c:283 ATCA:2 -> /ATCA:2 pl 1 -> 1 0x3ffc06d8 (refs 1)
mgos_vfs.c:377 open ATCA:2 0x0 0x1b6 => 0x3ffc06d8 ATCA:2 -1 => -1 (refs 0)
mongoose.c:2376 0x3ffce308 0x0 1
mgos_mqtt_conn.c:450 Error: Invalid SSL key
mgos_mqtt_conn.c:519 MQTT0 connecting after 1848 ms
It appears to be reading the certificate off the FS but it also appears to be trying to read a file named ATCA:2 from the FS.
The result is the same using either 2.20.0 or latest. Any ideas on how to make this succeed?