AWS IoT Greengrass V2 client cert only stays valid for 1 min when offline device connection
AWS IoT Greengrass V2 client cert only stays valid for 1 min when offline device connection
Published Apr 23, 2025
I’m running AWS IoT Greengrass V2 on a core device (“Greengrass‑device‑7”) and have a client thing (“DVC‑10”) that connects over MQTT with its X.509 cert ( both devices are connected via LAN ) . When the core is online, DVC‑10 connects just fine and its cert shows up under the folder /greengrass/v2/work/aws.greengrass.clientdevices.Auth/clients/
but as soon as I turn the core device’s Internet off, the cert disappears after about 1 minute and the client gets an
SSLV3_ALERT_CERTIFICATE_UNKNOWN error.What I’ve tried so far:
- clientDeviceTrustDurationMinutes set to 1440 in the client‑auth component, confirmed in
effectiveConfig.yaml - Redeployed the aws.greengrass.clientdevices.Auth component while the core was online and re‑connected DVC‑10
- Verified IAM role (GreengrassV2CoreDeviceRole) has
greengrass:ListClientDevicesAssociatedWithCoreDevice - Updated IoT policies on both core and client certs to include all required
greengrass:*andiot:Publish/Subscribe/Receiveactions
if tried the above things but still getting the same issue that i am unable to reconnect my client device to core device when core device do not have internet connection.
Has anyone run into this, or know what step I’m missing ? Any pointers appreciated!