0

I have set up "thing -> certificate, keys -> policy -> rule" in AWS IoT.

When I try it from my command line using

openssl s_client -connect xxxxyyyy.iot.eu-central-1.amazonaws.com:8443 -CAfile rootCA.pem -cert 11111-certificate.pem.crt -key 11111-private.pem.key

it returns

connect: 没有这样的文件或目录 connect:errno=0

What is the problem, and how can I debug it?

4

1 Answer

0

Tried a telnet and found that the connection was blocked by my firewall.

Connecting to a different network, I got confirmation from the server of a valid key and certificate!

CONNECTED(000001A0)
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = *.iot.eu-central-1.amazonaws.com
verify return:1
---
Certificate chain
 xxxx
 xxxx
 xxxx
---
Server certificate
-----BEGIN CERTIFICATE-----
AEcwRQIhAKApBrQq4drM1gB/Y/tkAE+8ABIi63ymi0QkUXZNxkbKAiBWOTc/uP9T
HI8U+s7LFC+/vS+LJU8CIEFXPCmAD5nvFH4F98Z8lVQ1Qoy1unXW9qZMP3bkP9cp

-----END CERTIFICATE-----
yyyy
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:DSA+SHA256:ECDSA+SHA224:RSA+SHA224:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 3437 bytes and written 1580 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 104 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : xxxxx
    Session-ID: yyyyy
    Session-ID-ctx:
    Master-Key: aaaaa
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: gggg
    Start Time: 12121212
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Answered 2018-04-18T11:46:02.857
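The diagnosis order used in the answer (plain TCP reachability first, then the TLS handshake with the client certificate) can be scripted. This is an added example, not part of the original post; the function names `tcp_reachable` and `classify_endpoint` are hypothetical, and it assumes `bash`, coreutils `timeout` and `openssl` are installed.

```shell
#!/usr/bin/env bash
# Added example: separate "network path blocked" from "TLS/certificate problem"
# before reading openssl s_client output.

# tcp_reachable HOST PORT [SECONDS]
# Opens a plain TCP connection through bash's /dev/tcp pseudo-device.
# timeout bounds the wait when a firewall silently drops packets.
tcp_reachable() {
    timeout "${3:-5}" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# classify_endpoint HOST PORT CAFILE CERT KEY
# Prints exactly one of: tcp-blocked, tls-failed, tls-ok
# Exit status: 1 = TCP blocked, 2 = TLS handshake or verification failed, 0 = ok
classify_endpoint() {
    ce_host=$1; ce_port=$2; ce_ca=$3; ce_cert=$4; ce_key=$5

    # Stage 1: the same question telnet answers. If this fails, certificates
    # and policies are not involved yet; look at firewall or proxy rules.
    if ! tcp_reachable "$ce_host" "$ce_port"; then
        echo "tcp-blocked"
        return 1
    fi

    # Stage 2: mutual-TLS handshake, same options as the command in the question.
    # stdin from /dev/null makes s_client exit once the handshake is done.
    ce_out=$(openssl s_client -connect "$ce_host:$ce_port" \
        -CAfile "$ce_ca" -cert "$ce_cert" -key "$ce_key" </dev/null 2>&1)

    if printf '%s\n' "$ce_out" | grep -q 'Verify return code: 0 (ok)'; then
        echo "tls-ok"
        return 0
    fi

    echo "tls-failed"
    # Surface the lines that usually explain a TLS-stage failure (to stderr).
    printf '%s\n' "$ce_out" | grep -Ei 'verify error|alert|unable to load' >&2
    return 2
}

# Stand-alone use: ./check.sh HOST PORT CAFILE CERT KEY
if [ "$#" -ge 5 ]; then
    classify_endpoint "$@"
fi
```

A `tcp-blocked` result on one network and `tls-ok` on another reproduces what the answer found: the certificate and key were valid, and only the outbound port was filtered.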