Quick tutorials: Connect to AWS IoT Core with Java11 HttpClient via HTTP using cacert and Thing’s private key and certificate
Having trouble connecting to AWS IoT Core to publish messages to AWS IoT topics?
Here you will find some quick steps for getting it right. The following steps assume that:
- you have some knowledge about how to create Thing, Policy and Certificates in AWS IoT Core,
- you know how to glue them together with ‘attach’ buttons,
- you know something about Java keystores,
- you know how to save the generated private key, public key and cert for your Thing on your machine…
Let’s do it.
- Log into the AWS console with your credentials and go straight to AWS IoT Core,
- Create a Thing, create a certificate for the Thing and save 3 files to your hard drive (-private.key.pem, -certificate.cert.pem, AmazonRootCA1.pem),
- Create a P12 keystore from your Thing’s private key and its certificate like this:
openssl pkcs12 -export -in <?>-certificate.pem.crt -inkey <?>-private.pem.key -out some-keystore.p12
- Copy the resulting keystore to your src/main/resources directory as client.p12,
- Create a connector service class. You have an example here:
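The connector code itself is not included on this page, so the following is an added sketch of such a class and not the author's original. It assumes client.p12 and AmazonRootCA1.pem are both on the classpath, that the caller supplies the account's AWS IoT data endpoint host name and the export password chosen in the openssl step, and it uses the HTTPS publish URL format from the AWS page listed under Sources; the class and method names are hypothetical.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Objects;
import javax.net.ssl.*;

public class IotHttpConnector {
    // Fail loudly on a missing file: KeyStore.load(null, ...) would silently create an empty store.
    private static InputStream resource(String name) {
        return Objects.requireNonNull(IotHttpConnector.class.getResourceAsStream(name), name + " not on classpath");
    }

    static SSLContext sslContext(char[] p12Password) throws Exception {
        // Client identity: the Thing's private key and certificate from the PKCS#12 keystore.
        KeyStore identity = KeyStore.getInstance("PKCS12");
        try (InputStream in = resource("/client.p12")) { identity.load(in, p12Password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, p12Password);

        // Trust anchor: only the Amazon root CA, not the JVM's whole default trust store.
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        try (InputStream in = resource("/AmazonRootCA1.pem")) {
            trust.setCertificateEntry("amazon-root-ca1", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // endpoint: your account's AWS IoT data endpoint host name (supplied by the caller, not on the page).
    public static int publish(String endpoint, String topic, String json, char[] p12Password) throws Exception {
        HttpClient client = HttpClient.newBuilder()
                .version(HttpClient.Version.HTTP_1_1)
                .sslContext(sslContext(p12Password))
                .build();
        String encodedTopic = URLEncoder.encode(topic, StandardCharsets.UTF_8).replace("+", "%20");
        HttpRequest request = HttpRequest.newBuilder(
                        URI.create("https://" + endpoint + ":8443/topics/" + encodedTopic + "?qos=1"))
                .POST(HttpRequest.BodyPublishers.ofString(json))
                .build();
        return client.send(request, HttpResponse.BodyHandlers.ofString()).statusCode();
    }
}
```

A keystore under src/main/resources is packaged into the built jar together with the Thing's private key, so keep the export password out of source control and pass it in at runtime.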
Try it out!
Some possible pitfalls:
1. Everything connects and the message is sent, but you do not receive any message on the topic:
Check the Policy attached to the certificate, especially the iot:Publish entries.
2. Problems with the connection, sudden disconnections reported by the DEBUG log:
Ensure you have activated your certificate in the AWS IoT Core.
3. Problems with the certificate chain:
Ensure you trust the Amazon CA certificate.
Sources:
https://docs.aws.amazon.com/iot/latest/developerguide/http.html