Originally posted on 2020-11-05
NOTE: This is only for development! DO NOT DO THIS IN PRODUCTION!
Have you ever had to work with self-signed certificates or certificates for a system without a DNS name? If a certificate's X509v3 Subject Alternative Name field isn't populated with the IP addresses of the system you're connecting to, and/or you don't have the signing CA's certificate set up on your system, you'll run into problems.
If you're using the AWS IoT device SDK for Python, there is a workaround, though. The code block below includes the basic setup, and the final line of the code turns off hostname and CA verification.
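```python
#!/usr/bin/env python3
from AWSIoTPythonSDK.MQTTLib import AWSIoTMQTTClient

# "thing" is the MQTT client ID
mqttc = AWSIoTMQTTClient("thing")
mqttc.configureEndpoint("IP_ADDRESS", 8883)
# Arguments: CA file, private key, certificate
mqttc.configureCredentials(
    "./rootca.pem",
    "./thing.key",
    "./thing.crt"
)
# Development only: set the private TLS "insecure" flag on the SDK's bundled paho client
mqttc._mqtt_core._internal_async_client._paho_client._tls_insecure = True
```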
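One way to keep this workaround from leaking into a production build is to wrap the flag in a guard. This is an added example, not code from the original post or the SDK. The `APP_ENV` variable, `enable_dev_insecure_tls`, `InsecureTLSRefused` and `fake_client` are assumed names, and the fake client is a constructed stand-in so the block runs without the SDK installed.

```python
import ipaddress
import logging
import os
from types import SimpleNamespace

log = logging.getLogger("dev_tls")


class InsecureTLSRefused(RuntimeError):
    """Raised when the development-only workaround is not allowed."""


def enable_dev_insecure_tls(client, endpoint, env=None):
    """Set the private paho flag from the post, but only in a dev context.

    APP_ENV is an assumed variable name; use whatever your deployment sets.
    """
    env = os.environ if env is None else env
    if env.get("APP_ENV") != "development":
        raise InsecureTLSRefused("APP_ENV is not 'development'")

    # The workaround targets hosts without a DNS name, so require a literal
    # private or loopback IP and refuse hostnames and public addresses.
    try:
        addr = ipaddress.ip_address(endpoint)
    except ValueError:
        raise InsecureTLSRefused(f"{endpoint!r} is not an IP literal") from None
    if not (addr.is_private or addr.is_loopback):
        raise InsecureTLSRefused(f"{endpoint} is not a private address")

    # Private attribute chain from the post; it may change between SDK versions.
    try:
        paho = client._mqtt_core._internal_async_client._paho_client
    except AttributeError:
        raise InsecureTLSRefused("SDK internals differ from the post") from None
    paho._tls_insecure = True
    log.warning("TLS verification relaxed for %s (development only)", endpoint)
    return True


def fake_client():
    """Constructed stand-in with the same attribute chain as the SDK client."""
    paho = SimpleNamespace(_tls_insecure=False)
    return SimpleNamespace(_mqtt_core=SimpleNamespace(
        _internal_async_client=SimpleNamespace(_paho_client=paho)))
```

With the real SDK, call `enable_dev_insecure_tls(mqttc, "IP_ADDRESS")` in place of the final line of the setup above, before connecting.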