I am using the AWS IoT MQTT protocol for realtime updates on my web app. I'm getting this certificate error, net::ERR_CERT_SYMANTEC_LEGACY, on Chrome; it's only working on localhost.
- Symantec certificates won't work from Chrome 70. Most AWS services have migrated but I don't know about IoT, I've asked in the AWS forum but I received no answer. – nachoab Commented Aug 24, 2018 at 15:34
2 Answers
Symantec certificates won't work from Chrome 70.
AWS just posted a solution:
- IoT endpoints can't be changed automatically like other AWS services because IoT devices need to be updated too.
- IoT now provides a new endpoint to Amazon Trust Services (ATS), which uses a trusted certificate. They have -ats at the end, i.e. example-ats.iot.us-east-2.amazonaws. Both new and old endpoints are interoperable (the only difference is the certificate).
- New regions launched after May, 2018 serve Amazon Trust Services signed certificates only.
How to update:
- Run aws iot describe-endpoint --endpoint-type iot:Data-ATS
- Update the endpoint on your web app with that new URL.
More info at: How AWS IoT Core is Helping Customers Navigate the Upcoming Distrust of Symantec Certificate Authorities
Easiest way to get your new endpoint if you're worried about adding -ats to the wrong place in the URL:
- Login to AWS account
- Go to IoT service page
- Select Settings from sidebar
- Copy-paste new endpoint
It only displays the updated ATS endpoint, so there's no way for you to copy the wrong link.
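A small configuration guard for the web app, added here as an example (it is not code from either answer or from AWS): it derives the -ats hostname from a legacy one and rejects hosts where -ats ended up in the wrong label. The hostname layout encoded in the regex, the function names and the sample endpoints are assumptions constructed for illustration.

```javascript
// Added example. Assumed host layout (constructed from the -ats example above):
//   <account-prefix>[-ats].iot.<region>.amazonaws.com
// The region pattern is strict so a misplaced "-ats" cannot hide inside it.
const IOT_HOST =
  /^([a-z0-9]+)(-ats)?\.iot\.([a-z]{2}(?:-[a-z]+)+-\d+)\.amazonaws\.com$/;

// Accepts a bare hostname or a full URL such as wss://host/mqtt.
function parseIotHost(input) {
  const text = String(input).trim();
  const host = (text.includes("://") ? new URL(text).hostname : text).toLowerCase();
  const m = IOT_HOST.exec(host);
  if (!m) {
    throw new Error(`not a recognised AWS IoT data endpoint: ${host}`);
  }
  return { prefix: m[1], ats: Boolean(m[2]), region: m[3] };
}

// Returns the ATS form of an endpoint; an endpoint that is already ATS is unchanged.
function toAtsEndpoint(input) {
  const { prefix, region } = parseIotHost(input);
  return `${prefix}-ats.iot.${region}.amazonaws.com`;
}

// True when the configured endpoint already serves the ATS-signed certificate.
function isAtsEndpoint(input) {
  return parseIotHost(input).ats;
}

// Startup check: returns the host to use, or throws on a malformed endpoint
// so the app fails at load time instead of with a browser certificate error.
function resolveEndpoint(configured) {
  return isAtsEndpoint(configured) ? String(configured).trim().toLowerCase()
                                   : toAtsEndpoint(configured);
}
```

Compare the result with the output of the describe-endpoint command before deploying; the value the CLI or console returns is authoritative.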