Azure Sphere无法连接到边缘设备-- TLS握手失败
提问于 2021-08-23 06:00:26
我正在尝试以嵌套的方式将Azure设备配置为子设备,并将其设置为IoT边缘设备。以下是程序
- 按照这个链接https://learn.microsoft.com/en-us/azure/iot-edge/tutorial-nested-iot-edge?view=iotedge-2020-11形成一个Azure IoT边缘设备的层次结构(顶层+低层1+低层2),总共3层
- 遵循https://learn.microsoft.com/en-us/azure-sphere/app-development/setup-iot-edge?tabs=cliv1将SPhere配置为顶层的子设备。
- 我正在使用Azure示例,Azure IoT示例连接到边缘设备。对CMakeLists.txt和app_manifest.json文件(主机名为边缘设备的IP地址,证书为根证书(iotedge_config_cli_root.pem) )进行了必要的更改
- 通过Azure门户,将Azure Sphere设备设置为边缘设备(顶层)的子级.
- Azure Sphere设备是通过链接https://learn.microsoft.com/en-us/azure-sphere/app-development/setup-iot-hub?tabs=cliv2beta中的指令手动配置的
- 按照步骤6,向IoT边缘设备提供Azure Sphere设备的租户CA证书,并将租户CA证书以PEM格式附加到iotedge_config_cli_root.pem。
- 重新启动边缘设备,并尝试将球形设备连接到边缘设备。但没有成功。以下是edgeHub模块中的错误
<4> 2021-08-18 13:09:00.901 +00:00 [WRN] - TLS handshake failed., System.AggregateException: One or more errors occurred. (Authentication failed, see inner exception.) ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Interop+OpenSsl+SslException: SSL Handshake failed with OpenSSL error - SSL_ERROR_SSL. ---> Interop+Crypto+OpenSslCryptographicException: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate --- End of inner exception stack trace --- at Interop.OpenSsl.DoSslHandshake(SafeSslHandle context, Byte[] recvBuf, Int32 recvOffset, Int32 recvCount, Byte[]& sendBuf, Int32& sendCount) at System.Net.Security.SslStreamPal.HandshakeInternal(SafeFreeCredentials credential, SafeDeleteContext& context, ArraySegment1 inputBuffer, Byte[]& outputBuffer, SslAuthenticationOptions sslAuthenticationOptions) --- End of inner exception stack trace --- at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest) --- End of stack trace from previous location where exception was thrown --- at System.Net.Security.SslStream.ThrowIfExceptional() at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.SslStream.EndAuthenticateAsServer(IAsyncResult asyncResult) at System.Net.Security.SslStream.<>c.<AuthenticateAsServerAsync>b__68_2(IAsyncResult iar) at System.Threading.Tasks.TaskFactory1.FromAsyncCoreLogic(IAsyncResult iar, Func2 endFunction, Action1 endAction, Task``1 promise, Boolean requiresSynchronization) --- End of inner exception stack trace ---, 734368d8 <4> 2021-08-18 13:10:01.660 +00:00 [WRN] - TLS handshake failed., System.IO.IOException: Channel is closed, 5cc9b5ea - 在球面,下面是错误
IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. INFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. INFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dff [Azure IoT] Using HSM cert at /run/daa/41d781ff-519a-406d-b1dd-c4078f372dffINFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. INFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. INFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started. INFO: Azure IoT Hub connection complete. Azure IoT connection status: IOTHUB_CLIENT_CONNECTION_NO_NETWORK INFO: Azure IoT Hub connection started.**' - 根据https://github.com/Azure/azure-sphere-samples/blob/master/Samples/AzureIoT/Troubleshooting.md,在以下情况下可能会发生指向这些错误的错误:
- 未在IoT边缘设备上打开入站端口8883。有关更多信息,请参见打开IoT边缘网关设备端口中的步骤3以进行通信。
- 该示例使用的是不正确或无效的IoT边缘设备根CA证书。
- edgeAgent和edgeHub模块不在IoT边缘设备上运行。
但理由1和理由3是可以排除的。入站端口8883在边缘设备上打开,所有边缘模块都在运行。
在解决这个问题时需要你的帮助。注意,球形设备能够直接连接到IoT集线器。
谢谢你,杰万
回答 3
Stack Overflow用户
发布于 2021-08-23 14:46:55
Stack Overflow用户
发布于 2021-08-24 04:45:34
将环境变量“OptimizeForPerformance”设置为EdgeHub模块中的false,对于存在TLS握手错误(https://github.com/MicrosoftDocs/azure-docs/issues/15565和https://github.com/Azure/iotedge/issues/159)的人是有效的。
但是,我也遇到了这个错误,因为OptimizeForPerformance是假的,而且我还没有找到解决方案。我还认为这可能是模块间证书通信的一个问题。您可以尝试注释掉配置中的证书设置部分。
我也很好奇您在ca部分使用的证书中包含了什么?
Stack Overflow用户
发布于 2021-08-31 05:43:31
我通过修复我的CA证书解决了这个问题。对我来说,问题是证书中有一些无效的扩展。我不是专家,但我的无效证书显示它不能对其他证书进行签名,即使它在所有其他方面都被标记为CA证书。
另一个问题也可能是使用2038年到期的证书,或者在iotedge 1.1版本中使用更高版本的证书。请参阅https://learn.microsoft.com/en-us/azure/iot-edge/production-checklist?view=iotedge-2018-06&preserve-view=true#install-production-certificates
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/68894036
复制相关文章
![[技巧篇] 如何在不会的情况下解释 Python 设置文件的缓冲的问题](https://ask.qcloudimg.com/http-save/yehe-5636976/y9cnut5g26.jpeg)
点击加载更多
腾讯云开发者
