IoT Cloud Certificate creation issue #10

Open
a1ext opened this issue Mar 2, 2025 · 0 comments

a1ext commented Mar 2, 2025

Hi, I'm trying to register my new Portenta X8 with Arduino IoT Cloud. I gave it the API key, but it fails with some strange errors like the following (in the browser):

error: "unable to load certificate\n548482407496:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE\n"

I started digging into the problem; it seems to be in the provisioner container.

  • it successfully gets an access_token from the given API keys
  • it successfully registers a new device in the inventory (/iot/v2/devices request), so I get a UUID
  • it successfully generates a CSR
  • it FAILS on the attempt to submit the new CSR (PUT "${API_URL}/iot/v2/devices/${DEVICE_ID}/certs" request). The error I see is the following:
{"id":"UdUtHwDG","code":"precondition_failed","status":412,"detail":"\u0026{context.Background.WithValue(goa.key, *goa.adapter).WithCancel.WithValue(goa.key, *goaarduinologger.adapter).WithValue(app.authMiddlewareKey, goa.Middleware).WithValue(goa.key, DevicesV2CertsController).WithValue(goa.key, create).WithValue(goa.key, *goa.ResponseData).WithValue(goa.key, *goa.RequestData).WithValue(goa.key, *goaarduinologger.adapter).WithValue(goa.key, *goaarduinologger.adapter).WithValue(middleware.middlewareKey, Pd9XOJxO2Z-728649).WithValue(logging.loggerKeyType, *logrus.Entry).WithValue(goa.key, *goaarduinologger.adapter).WithValue(auth-approved-by, JWTAuthenticator[HMACIssuer]).WithValue(auth-subject, *auth.User).WithValue(auth-params, auth.Params).WithValue(goa.key, []string) 0xc026364580 0xc0218c01e0 d48cc278-845d-4143-b798-1f4d6580dbdc 0xc0218c0200}","meta":{"CA KEY Arduino not available":"MISSING"}}

So the error states CA KEY Arduino not available, but it is hardcoded here https://github.com/arduino/portenta-containers/blob/main/arduino-iot-cloud-provisioning/provisioning.sh#L171

    DEVICE_CERT=$(curl --silent --location                                                     \
                       --request PUT "${API_URL}/iot/v2/devices/${DEVICE_ID}/certs"            \
                       --header "Accept: application/json"                                     \
                       --header "Content-Type: application/json"                               \
                       --header "X-Organization: ${ORG_ID}"                                    \
                       --header "Authorization: Bearer ${ACCESS_TOKEN}"                        \
                       --data-raw "{\"ca\":\"Arduino\",\"csr\":\"${CSR}\",\"enabled\":true}" | \
                  jq .pem | tr -d '"')
    if [ $? -ne 0 ] || [ -z "$DEVICE_CERT" ] || [ "$DEVICE_CERT" == "null" ]; then
        echo -e $FAILURE
        return 1
    fi

So that request fails and /tmp/device-certificate.pem becomes empty, which later causes the initial error:

error: "unable to load certificate\n548482407496:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE\n"
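
As an added example (not part of the issue or of the project's provisioning.sh): one way to check the response of the certificate request before anything is saved, so the API's error is reported at that step instead of surfacing later as an OpenSSL "no start line" failure. The function name `validate_cert_response` and the sample bodies are assumptions made for illustration; `jq` is required, as in the quoted script.

```shell
#!/bin/sh
# Added example, not part of provisioning.sh. Requires jq.
# validate_cert_response HTTP_STATUS BODY
#   Prints the PEM and returns 0, or explains the failure on stderr and returns 1.
# Caller sketch (assumed): capture the status alongside the body, e.g.
#   status=$(curl --silent --output "$body_file" --write-out '%{http_code}' ...)
validate_cert_response() {
    status=$1
    body=$2

    # Non-2xx: report the API's own error fields instead of saving an empty cert.
    case "$status" in
        2??) ;;
        *)
            reason=$(printf '%s' "$body" |
                jq -r '"\(.code // "unknown") \(.meta // {} | tojson)"' 2>/dev/null) || reason=
            echo "certificate request failed: HTTP $status ${reason:-(unparseable body)}" >&2
            return 1
            ;;
    esac

    # -r emits the raw string (real newlines, no quotes); "// empty" turns a
    # missing or null .pem into empty output rather than the literal "null".
    pem=$(printf '%s' "$body" | jq -r '.pem // empty' 2>/dev/null) || pem=

    # Structural check only: the BEGIN marker is the "start line" that
    # OpenSSL reports as missing when it is handed an empty file.
    case "$pem" in
        "-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----"*) ;;
        *)
            echo "certificate request returned no PEM certificate" >&2
            return 1
            ;;
    esac

    printf '%s\n' "$pem"
}

# Constructed sample: the 412 body from the issue, trimmed to the fields used.
sample='{"code":"precondition_failed","status":412,"meta":{"CA KEY Arduino not available":"MISSING"}}'
validate_cert_response 412 "$sample" || echo "not writing device certificate"
```

In the quoted script, `$?` reflects the last command of the pipeline (`tr`), and `curl` without `--fail` exits 0 on an HTTP 412, so the exit-status test alone cannot detect this failure.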
