Developer Guide

Diagnosing Connectivity Issues


How do my devices authenticate AWS IoT endpoints?

Add the AWS IoT CA certificate to your client’s trust store. You can download the CA certificate from here.

How can I validate a correctly configured certificate?

Use the OpenSSL s_client command to test a connection to the AWS IoT endpoint:

openssl s_client -connect -CAfile CA.pem -cert cert.pem -key privateKey.pem


I received a PUBNACK or SUBNACK response from the broker. What do I do?

Make sure that there is a policy attached to the certificate you are using to call AWS IoT. All publish/subscribe operations are denied by default.