Originally posted on 2020-11-05
NOTE: This is only for development! DO NOT DO THIS IN PRODUCTION!
Have you ever had to work with self-signed certificates or certificates for a system without a DNS name? If a certificate's X509v3 Subject Alternative Name field isn't populated with the IP addresses of the system you're connecting to, and/or you don't have the signing CA's certificate set up on your system, you'll run into problems.
If you're using the AWS IoT Device SDK for Python, there is a workaround, though. The code block below includes the basic setup, and the final line of the code turns off hostname and CA verification.
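```python
#!/usr/bin/env python3
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient

# Basic client setup: client ID, endpoint (an IP address here) and credentials
mqttc = AWSIoTMQTTClient("thing")
mqttc.configureEndpoint("IP_ADDRESS", 8883)
mqttc.configureCredentials(
    "./rootca.pem",  # CA certificate
    "./thing.key",   # private key
    "./thing.crt"    # client certificate
)

# Development only: reach through the SDK's private attributes to the
# underlying paho client and set its TLS "insecure" flag.
mqttc._mqtt_core._internal_async_client._paho_client._tls_insecure = True
```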
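Before reaching for the workaround, it helps to confirm that the certificate really lacks the endpoint in its Subject Alternative Name. The following is an added example, not code from the original post or from the AWS SDK: it uses only the Python standard library, keeps CA verification on while fetching the certificate, and checks the SAN entries itself. The function names, the `192.0.2.10` address and the `example.test` names are constructed for illustration.

```python
import ipaddress
import socket
import ssl


def fetch_peer_cert(host, port, cafile, certfile=None, keyfile=None):
    """Return the server certificate as a dict; the CA chain is still verified."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # skipped here only so the SAN can be inspected
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # client cert for mutual TLS
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


def endpoint_covered(cert, endpoint):
    """True if the endpoint (IP or DNS name) appears in the certificate SAN."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value.strip()))
    try:
        # An IP endpoint matches only "IP Address" entries, never DNS or CN.
        return ipaddress.ip_address(endpoint) in ips
    except ValueError:
        name = endpoint.lower().rstrip(".")
    for pattern in dns:
        if pattern == name:
            return True
        # A leading "*." stands for exactly one left-most label.
        if pattern.startswith("*.") and "." in name and name.split(".", 1)[1] == pattern[2:]:
            return True
    return False


# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "192.0.2.10"),),),
    "subjectAltName": (("DNS", "broker.example.test"), ("DNS", "*.lab.example.test")),
}
FIXED_CERT = dict(SAMPLE_CERT, subjectAltName=SAMPLE_CERT["subjectAltName"] + (("IP Address", "192.0.2.10"),))

if __name__ == "__main__":
    print("sample covers IP:", endpoint_covered(SAMPLE_CERT, "192.0.2.10"))
    print("fixed covers IP: ", endpoint_covered(FIXED_CERT, "192.0.2.10"))
```

If `endpoint_covered` returns `False` for the IP you connect to, reissuing the certificate with that address as an IP-type SAN entry removes the need for the insecure flag.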