Tag Archives: certificate

AWS IoT – error in discovery certificate_verify_failed

Hi everyone,

I ran into the following error while using the AWS IoT python SDK:

Error in discovery!
Error message: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:720)

It turns out that this was because I was using the wrong root certificate. In the documentation there are five certificates listed:

  • RSA 2048 bit key: VeriSign Class 3 Public Primary G5 root CA certificate
  • RSA 2048 bit key: Amazon Root CA 1
  • RSA 4096 bit key: Amazon Root CA 2
  • ECC 256 bit key: Amazon Root CA 3
  • ECC 384 bit key: Amazon Root CA 4

If you’re using the console to create the certificate and have already downloaded your device cert, public cert and private key you can use Amazon Root CA 1: https://www.amazontrust.com/repository/AmazonRootCA1.pem

As soon as that was added the error was resolved and I was able to move onto the next one. I found most of the info on the AWS forums but let me know if you have any questions: https://forums.aws.amazon.com/thread.jspa?threadID=286871


OpenSSL::PKey::RSAError Neither PUB key nor PRIV key:: nested asn1 error – Adaptive Payments Gem

Hey everyone,

I’ve been mucking around with PayPal for a while and decided to try out the adaptive_payments gem by Tommy Chheng. Unfortunately I ran into the following error:


Neither PUB key nor PRIV key:: nested asn1 error

It turns out that I’d simply skipped an important part of the readme file. The api_cert_file in the paypal_adaptive.yaml file should point to a file containing BOTH your paypal_cert_pem.txt and whatever your private key happens to be. This took an embarrassingly long time for me to figure out, so hopefully this will help some of you!

It turns out I still had this wrong, I was using the wrong certs. After sorting out a few more errors that I ran into after the one mentioned above I finally started getting a response from Paypal, unfortunately it was another error message:

Authentication failed. API credentials are incorrect

It turns out I was using the wrong certs. If you’ve run into the same problem you’ll need to go to Profile > Request API Credentials > Option 2 (Request API credentials to create your own API username and password.). Then download the cert and point to this.

Hey everyone, just another update to this. If you happened to be following the railscast on PayPal before attempting to use the gem, you may not get the option to download the certs mentioned above. To get around this, simply remove your existing certificates (Profile > API Access > Option 2 > Remove > Remove). You should now see the ‘Request API Certificate Option’.

Sorry about the confusing post, but there’s a *slight* chance it might be able to help someone else who runs into the same problem.