Having Trouble with "Demo MQTT with TLS"


I am trying to run through the coreMQTT MQTT with TLS Demo project.

I was able to get the demo without TLS working, but I am having trouble with the server CA certificate for the TLS demo.

The program is establishing a TCP connection, but then I get the error:

69 16462 [DemoTask] [INFO] [SocketsWrapper] [TCP_Sockets_Connect:180] Established TCP connection with <ADDRESS HIDDEN>.
70 16602 [DemoTask] [ERROR] [MbedtlsTransport] [tlsHandshake:561] Failed to perform TLS handshake: mbedTLSError= X509 - Certificate verification failed, e.g. CRL, CA or signature check failed : <No-Low-Level-Code>.
71 16602 [IP-Task] FreeRTOS_closesocket[1497 to <ADDRESS HIDDEN>]: buffers 60 socks 0
[ERROR] [MQTTDemo] [prvConnectToServerWithBackoffRetries:633] 72 16602 [DemoTask] Connection to the broker failed, all attempts exhausted.
73 16642 [IP-Task] TCP: No active socket on port 1497 (<ADDRESS HIDDEN>:1884)

I am thinking that I am getting something wrong with the Server’s root CA certificate. I may be confused about where I am supposed to get this certificate. Could someone explain to me if they have a better understanding? I am a bit stuck at the moment.

The coreMQTT TLS demo uses AWS IoT Core as the connection target. The root CA for AWS is published here: Server authentication - AWS IoT Core

If you are using a different MQTT broker with TLS, then you will need the root CA for that broker.
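
The failure mode discussed in this thread can be reproduced offline. The script below is an added example, not part of the original posts or the coreMQTT demo: it builds two throwaway CAs and a "broker" certificate with the `openssl` CLI, then shows that the certificate verifies only against the root that actually issued it. All names (`broker-root`, `other-root`, `broker.example.test`) and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo data: every key and certificate here is generated locally
# and is unrelated to any real broker.
WORK=$(mktemp -d)

make_ca() {   # $1 = CA name (hypothetical); writes $WORK/$1.pem and $WORK/$1.key
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

make_leaf() { # $1 = issuing CA name, $2 = server CN; writes $WORK/leaf.pem
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/leaf.csr" -days 1 \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -CAcreateserial \
        -out "$WORK/leaf.pem" 2>/dev/null
}

check_root() { # $1 = candidate root CA PEM, $2 = server certificate PEM
    # Same question the TLS client asks during the handshake:
    # does this server certificate chain to the root I was configured with?
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo untrusted
    fi
}

make_ca broker-root                        # the CA that really issued the broker cert
make_ca other-root                         # a valid root CA, but for a different service
make_leaf broker-root broker.example.test

# Compare the issuer of the server certificate with the subject of each root.
openssl x509 -in "$WORK/leaf.pem" -noout -issuer
openssl x509 -in "$WORK/other-root.pem" -noout -subject

echo "broker-root: $(check_root "$WORK/broker-root.pem" "$WORK/leaf.pem")"
echo "other-root:  $(check_root "$WORK/other-root.pem" "$WORK/leaf.pem")"
```

For a live broker, the certificate chain it presents can be captured with `openssl s_client -connect <host>:<port> -showcerts` and checked against the candidate root in the same way.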