Community
cancel
Showing results for 
Search instead for 
Did you mean: 
AAkas1
Beginner
1,896 Views

Intel Edison - Yocto - SSL /CaCerts Issue.

I am working with Intel Edison + Amazon AWS to send the sensor reading to the Amazon IoT.

Using the by yocto linux shipped with the board.

Using the Aws IoT Java client code.(https://github.com/aws/aws-iot-device-sdk-java GitHub - aws/aws-iot-device-sdk-java: Java SDK for connecting to AWS IoT from a device. )

I have created a Java JAR, which uses PAHO MQTT Client on JAVA to send MQTT messages to the Amazon IoT Service.

The Issue is -- When I run the JAR on Intel edison. I get the following error:

After doing my share of research. I have come to know that that ::: The error is due the reason that the JAVA 'Truststore' does not contain the required CA-Certificates installed for SSL to function. Ca-Certs are there in Edison, but not installed in the Java trust store.

Can anyone help me resolve this issue.

I am wondering why anyone else did not get this issue.

Thanks.

8 Replies
idata
Community Manager
44 Views

Hello akashdeep.sarin,

 

 

Thanks for reaching out!

 

 

You mentioned the following:

 

 

"...Using the by yocto linux shipped with the board…"

 

 

Does that mean that you haven't updated the board's image? If so, please try to flash the latest image on Edison (which can be found in https://downloadmirror.intel.com/26028/eng/iot-devkit-prof-dev-image-edison-20160606.zip) and try again.

 

 

Also, please remember that AWS support is owned by Amazon, therefore you might get more accurate help with them. If you need to contact them, you can do it by submitting an issue on their Github ( https://github.com/aws/aws-iot-device-sdk-java/issues).

 

 

I hope this helps.

 

-Peter.
idata
Community Manager
44 Views

Hi akashdeep.sarin,

 

 

Do you have any update about this?

 

 

-Peter.
PHult
New Contributor II
44 Views

What is the common approach to this for modules that has been build into a product and shipped?

idata
Community Manager
44 Views

Hi Peter-H,

 

 

I'm sorry, I don't understand what you mean, could you please explain us what you meant on your previous question? We would gladly try to answer you if do so.

 

 

We'll be waiting for your reply.

 

-Peter.
PHult
New Contributor II
44 Views

I assumed that the issue was not a one time bug but rather an outdated cert store.

As far as I understand it in general, cryptographic solutions has a much shorter lifespan than other technology.

Cert stores need to be updated.

New algorithms need to be implemented when previously working ones are retired.

This means that any embedded device using Intel Edison must be updated every second year.

Sorry I guess this is a topic of its own.

Once a device is in production it's not something you can put back on your desk and flash.

What would be the best approach to update an embedded Intel Edison once it's in production?

idata
Community Manager
44 Views

I understand your doubt.

 

 

The regular flashing method is to use the Setup Tool to flash your board. There are alternative to this procedure like using the flashall method, nevertheless, these methods require you to flash the boards one by one and with physical access to the boards. Unfortunately there are no official alternatives to remote update boards.

 

 

However, in earlier releases as version 146 and previous, there was an option in the script configure_edison (I believe it was --upgrade) that allowed to upgrade to the latest version of the image. You might be interested in checking the configure_edison script found on those versions, you might be able to modify it to search on your own server for the latest version of your custom image (this feature is no longer supported). Applying this might prove challenging but it would give you an option to update your products remotely.

 

 

In case you are interested, you can find the image 146 in https://downloadmirror.intel.com/24910/eng/edison-image-ww18-15.zip. The script configure_edison can be found in /usr/bin.

 

 

I hope this helps.

 

-Peter.
PHult
New Contributor II
44 Views

Thanks, I will start a new thread once I look into it.

idata
Community Manager
44 Views

Hi Peter-H,

 

 

Thanks for letting us know.

 

 

Please keep us updated on your project and if you have any doubts, please don't hesitate to contact us.

 

 

-Peter.