Cannot get Python Device SDK to connect "Error in the IoTHub client due to TLS exchanges."

Justin Dale 6 Reputation points
2021-10-07T14:46:48.157+00:00

Hello,
I have written some code to upload data to IoT Hub. It works fine on Windows and Ubuntu, but I am trying to get it working on an InHand Gateway 502 device. The full error is below. It seems to me like it's trying to connect using certificates even though I've explicitly told it to use a connection string. I am guessing there is some SSL magic going on to secure the connection, but I'm not exactly sure what is missing. I tried installing the Certifi package which was already installed. It feels like it's missing a CA certificate or not trusting the one it has. Any suggestions?

[2021-10-06 22:11:11,292] [INFO] [mqtt_transport.py 150]: Creating client for connecting using MQTT over TCP
[2021-10-06 22:11:11,308] [INFO] [sync_clients.py 202]: Connecting to Hub...
[2021-10-06 22:11:11,316] [INFO] [pipeline_stages_base.py 969]: ReconnectStage(ConnectOperation): State changes LOGICALLY_DISCONNECTED->LOGICALLY_CONNECTED. Adding to wait list and sending new connect op down
[2021-10-06 22:11:11,325] [INFO] [mqtt_transport.py 394]: Connect using port 8883 (TCP)
[2021-10-06 22:11:11,686] [INFO] [mqtt_transport.py 297]: Forcing paho disconnect to prevent it from automatically reconnecting
[2021-10-06 22:11:11,689] [INFO] [pipeline_stages_mqtt.py 195]: transport.connect raised error
[2021-10-06 22:11:11,713] [INFO] [pipeline_stages_mqtt.py 196]: Traceback (most recent call last):
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/mqtt_transport.py", line 396, in connect
host=self._hostname, port=8883, keepalive=self._keep_alive
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python3.7/site-packages/paho/mqtt/client.py", line 941, in connect
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python3.7/site-packages/paho/mqtt/client.py", line 1104, in reconnect
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python37_std/ssl.py", line 1117, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/pipeline/pipeline_stages_mqtt.py", line 193, in _run_op
self.transport.connect(password=password)
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/mqtt_transport.py", line 408, in connect
raise exceptions.TlsExchangeAuthError(cause=e)
azure.iot.device.common.transport_exceptions.TlsExchangeAuthError: TlsExchangeAuthError(None) caused by SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')

[2021-10-06 22:11:11,724] [INFO] [evented_callback.py 48]: Callback completed with error TlsExchangeAuthError(None) caused by SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to
get local issuer certificate (_ssl.c:1056)')
[2021-10-06 22:11:11,728] [INFO] [evented_callback.py 49]: NoneType: None

Traceback (most recent call last):
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/mqtt_transport.py", line 396, in connect
host=self._hostname, port=8883, keepalive=self._keep_alive
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python3.7/site-packages/paho/mqtt/client.py", line 941, in connect
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python3.7/site-packages/paho/mqtt/client.py", line 1104, in reconnect
File "/root/INOS/IG902/system/install/PySDK-IG9/lib/python37_std/ssl.py", line 1117, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/var/user/lib/python3.7/site-packages/azure/iot/device/iothub/sync_clients.py", line 34, in handle_result
return callback.wait_for_completion()
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/evented_callback.py", line 70, in wait_for_completion
raise self.exception
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/pipeline/pipeline_stages_mqtt.py", line 193, in _run_op
self.transport.connect(password=password)
File "/var/user/lib/python3.7/site-packages/azure/iot/device/common/mqtt_transport.py", line 408, in connect
raise exceptions.TlsExchangeAuthError(cause=e)
azure.iot.device.common.transport_exceptions.TlsExchangeAuthError: TlsExchangeAuthError(None) caused by SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "uploadagent.py", line 68, in <module>
main()
File "uploadagent.py", line 61, in main
device_client.connect()
File "/var/user/lib/python3.7/site-packages/azure/iot/device/patch_documentation.py", line 20, in connect
return super(IoTHubDeviceClient, self).connect()
File "/var/user/lib/python3.7/site-packages/azure/iot/device/iothub/sync_clients.py", line 206, in connect
handle_result(callback)
File "/var/user/lib/python3.7/site-packages/azure/iot/device/iothub/sync_clients.py", line 47, in handle_result
message="Error in the IoTHub client due to TLS exchanges.", cause=e
azure.iot.device.exceptions.ClientError: ClientError('Error in the IoTHub client due to TLS exchanges.') caused by TlsExchangeAuthError(None)

Azure IoT SDK
Azure IoT SDK
An Azure software development kit that facilitates building applications that connect to Azure IoT services.
212 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. QuantumCache 20,261 Reputation points
    2021-10-08T03:01:06.53+00:00

    Hello @Justin Dale

    Maybe you can check if this is an issue with OpenSSL installed on the device, I never worked with this device, but just a hint as mentioned here.

    pip install --upgrade certifi  
    open /Applications/Python\ 3.7/Install\ Certificates.command  
    
    0 comments No comments