TLS Issue - Workers to AWS IoT Core

I am trying to communicate with the AWS IoT Core HTTPS endpoint through a Cloudflare Worker (using Hono). I created a certificate and successfully tested sending a message with curl and the downloaded certificates (HTTPS - AWS IoT Core):

curl --tlsv1.2 \
    --cacert Amazon-root-CA-1.pem \
    --cert device.pem.crt \
    --key private.pem.key \
    --request POST \
    --data "{ \"message\": \"Hello, world\" }" \
    "https://IoT_data_endpoint:8443/topics/topic?qos=1"

Then I configured the binding with Wrangler:

pnpx wrangler mtls-certificate upload --cert device.pem.crt --key private.pem.key --name AWS_IOT

And then I configured an endpoint in Hono:

iotPublish.post("/", async (c) => {
  try {
    let topic = "test";
    let message = { message: "hello" };

    // AWS_IOT is the mTLS certificate binding uploaded with wrangler;
    // its fetch() presents the client certificate to the upstream host.
    return await c.env.AWS_IOT.fetch(
      `https://xxxxxx.iot.eu-central-1.amazonaws.com:8443/topics/topic?qos=1`,
      {
        method: "POST",

        body: JSON.stringify(message),
      }
    );
  } catch (e) {
    console.log(e);
    // JSON.stringify(e) on an Error yields "{}", so report the message instead.
    const error = e instanceof Error ? e.message : String(e);
    return Response.json({ error }, { status: 500 });
  }
});

The result is always:

{
  "message": "Missing authentication",
  "traceId": "xxxxx"
}

Please help

Hi user89510,

It seems like you’re encountering an authentication issue when trying to communicate with the AWS IoT Core HTTPS endpoint through a Cloudflare Worker using Hono.

The error message you’re receiving, ‘Missing authentication,’ suggests that the authentication credentials are not being properly passed or recognized by the AWS IoT Core.

A few things to double-check:

  1. Ensure that the mTLS certificate and key uploaded using Wrangler are correctly associated with your Cloudflare Worker. It’s crucial that these credentials are properly configured to authenticate with the AWS IoT Core.
  2. Verify that the endpoint URL (https://xxxxxx.iot.eu-central-1.amazonaws.com:8443/topics/topic?qos=1) is accurate and matches the AWS IoT Core HTTPS endpoint you’re attempting to access.
  3. Check if there are any additional authentication headers or parameters required by the AWS IoT Core. Sometimes, AWS services may have specific authentication requirements beyond just the certificate and key.

If you’ve verified all these points and are still encountering the issue, I recommend reviewing the AWS IoT Core documentation for any specific requirements or troubleshooting steps related to HTTPS communication and authentication.


David Sundberg
Founder and CEO at Veevt

Hi David,

Thank you for the reply! So, since I sent a message with curl using the same certificate I uploaded to Cloudflare, neither that nor additional headers can be the reason, since the curl command didn’t have any additional headers.

So, either the mTLS is acting differently than the curl command above or the worker is not properly accessing the certificate…

Hello,

Have you solved the case yet? Because I got the same error.

From my observation, if I use curl to connect to port 8443 as per AWS docs, it succeeds. But when I use curl to connect to port 443, it says ‘error: missing authentication.’

My guess is that Cloudflare mTLS fetch ignores the port number and connects to port 443.
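An added example (not code from this thread) that builds the AWS IoT Core HTTPS publish URL explicitly and returns the port the binding was asked to use together with what IoT Core answered, so a "Missing authentication" reply can be tied to the port and topic actually sent instead of being swallowed. The endpoint hostname and topic are placeholders, and `binding` stands for the mTLS certificate binding (`c.env.AWS_IOT` in the question); both are assumptions.

```javascript
// AWS IoT Core HTTPS publish port, as used by the curl command in the thread.
const IOT_PUBLISH_PORT = 8443;

// Build https://<endpoint>:8443/topics/<topic>?qos=<0|1>, encoding each topic level.
function buildPublishUrl(endpoint, topic, qos = 1) {
  if (qos !== 0 && qos !== 1) {
    throw new RangeError("HTTPS publish supports qos 0 or 1 only");
  }
  if (!topic || topic.startsWith("/")) {
    throw new RangeError("topic must be non-empty and must not start with '/'");
  }
  const path = topic.split("/").map(encodeURIComponent).join("/");
  return `https://${endpoint}:${IOT_PUBLISH_PORT}/topics/${path}?qos=${qos}`;
}

// Summarise an upstream reply: which port the URL carried (443 when none was
// given), the HTTP status, and whether IoT Core reported missing authentication.
function describeUpstream(url, status, bodyText) {
  const port = new URL(url).port || "443";
  let upstream;
  try {
    upstream = JSON.parse(bodyText);
  } catch {
    upstream = { raw: bodyText }; // non-JSON or empty body
  }
  const missingAuth = upstream.message === "Missing authentication";
  return { port, status, missingAuth, upstream };
}

// Publish through the mTLS binding. `binding` is any object exposing
// fetch(url, init), so a stub can be passed when testing outside Workers.
async function publishViaBinding(binding, endpoint, topic, payload, qos = 1) {
  const url = buildPublishUrl(endpoint, topic, qos);
  const res = await binding.fetch(url, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify(payload),
  });
  return describeUpstream(url, res.status, await res.text());
}
```

In a Hono handler, `return Response.json(await publishViaBinding(c.env.AWS_IOT, endpoint, "topic", { message: "hello" }))` makes the port and upstream body visible in the worker's own response.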