Error: consumer can't find certificate

[johnMinelli]

Hi i've an error in the log of the consumer since it can't find the certificate, i guess the problem is in the simulator config: what do i need to put in the field caCertificate?

[ctron]

you need to put in the base64 encoded CA bundle of your AMQP endpoint

[johnMinelli]

I'm getting this but i don't know if i'm making a mistake with the certificate or i miss something else...
(I'm working in Minikube and as a messaging network i'm using the one in the deploy of Hono)

hono-artemis ClusterIP 10.96.82.250 "none" 5671/TCP 5d14h
hono-dispatch-router ClusterIP 10.96.28.132 "none" 5673/TCP 5d14h
hono-dispatch-router-ext LoadBalancer 10.96.223.211 10.96.223.211 15671:30671/TCP,15672:30672/TCP 5d14h

Producer log:

#devices: 10, #threads: 10
Auto Register: true
TLS insecure: false
Vertx Native: true
OpenSSL - available: true -> OpenSSL 1.0.2k-fips  26 Jan 2017
Key Manager: true
Host name validation: true
Device Registry - Version: V1, URL: http://10.96.94.138:28080

Consumer log:

Key Manager: true
Host name validation: true
TLS enabled
Using OpenSSL for proton
16:55:24.953 [vert.x-eventloop-thread-1] INFO  o.e.hono.client.impl.HonoClientImpl - stopping connection attempt to server [host: 10.96.223.211, port: 15671] due to terminal error
javax.security.sasl.AuthenticationException: Failed to authenticate
	at io.vertx.proton.impl.ProtonSaslClientAuthenticatorImpl.handleSaslFail(ProtonSaslClientAuthenticatorImpl.java:159)
	at io.vertx.proton.impl.ProtonSaslClientAuthenticatorImpl.process(ProtonSaslClientAuthenticatorImpl.java:98)
	at io.vertx.proton.impl.ProtonTransport.processSaslAuthentication(ProtonTransport.java:211)
	at io.vertx.proton.impl.ProtonTransport.handleSocketBuffer(ProtonTransport.java:194)
	at io.vertx.core.net.impl.NetSocketImpl$DataMessageHandler.handle(NetSocketImpl.java:392)
	at io.vertx.core.streams.impl.InboundBuffer.handleEvent(InboundBuffer.java:225)
	at io.vertx.core.streams.impl.InboundBuffer.write(InboundBuffer.java:123)

ecc.

I watched here the conf example: https://github.com/ctron/iot-simulator-operator/blob/develop/examples/config/simulator.yaml

For the caCertificate i went to kubernetes dashboard > Secrets > hono-dispatch-router-conf
and there i found the token: qdrouter-cert.pem, qdrouter-key.pem, trusted-certs.pem.
I thoght it was the first one...
I've also watched here https://www.eclipse.org/hono/docs/dev-guide/java_client_consumer/#encryption-of-communication about the trusted-certs.pem and comparing the ApplicationBaseExample with you consumer code, but probably i'm only messing up the things... do I maybe need to generate my certs?
Anyway do I need to register the tenant, device and credentials? (I've done it) Or there are maybe other steps to connect, that i'm missing?

On kube dashboard everything seems fine except for the consumer.
Thanks for the help

[ctron]

The javax.security.sasl.AuthenticationException looks more like an issue with the credentials. The "ca cert" is for accepting the TLS connection, from a client side perspective. The fact that you already get the authentication error would indicate to me that the TLS handshake is already working.

I am not so familiar with the raw Hono deployment, as I mostly work with Hono deployed via https://enmasse.io

[websterbye]

Hi, I encounter the same problem, everything seems fine except consumer, deploy on kubenernetes on the server, but It keeping complaing authentication exeception, read https://github.com/ctron/iot-simulator-operator/blob/develop/examples/config/simulator.yaml and https://www.eclipse.org/hono/docs/dev-guide/java_client_consumer/#encryption-of-communication, but still don't know how to get the credentials. If you have found the cause of the problem or know how to configure the credentials, possible to share with us? Thank you in advance.