Aws-cli: AWS IOT UnicodeDecodeError error when register-ca-certificate

Based on Step 4 of the documentation you linked, you missed the file:// which means to use the contents of the file instead of the literal string value:

aws iot register-certificate -—certificate file://deviceCert.crt --caCertificate file://caCert.crt

So for the command you ran you probably need to do something like:

aws iot register-ca-certificate -—ca-certificate file://rootCA.pem -—verification-cert file://verificationCert.pem

Let us know if that helps.

Thanks reply, but still doesn't work :(
Maybe need to change python version?

test 1

aws iot register-ca-certificate -—ca-certificate file://vagrant/server-ca/rootCA.pem   -—verification-cert file://vagrant/server-ca/verificationCert.pem

error

/usr/lib/python2.7/argparse.py:2129: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  if option_string == short_option_prefix:
Traceback (most recent call last):
  File "/usr/local/bin/aws", line 27, in <module>
    sys.exit(main())
  File "/usr/local/bin/aws", line 23, in main
    return awscli.clidriver.main()
  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 50, in main
    return driver.main()
  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 178, in main
    parsed_args, remaining = parser.parse_known_args(args)
  File "/usr/local/lib/python2.7/dist-packages/awscli/argparser.py", line 62, in parse_known_args
    parsed, remaining = super(CLIArgParser, self).parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1722, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1763, in _parse_known_args
    option_tuple = self._parse_optional(arg_string)
  File "/usr/lib/python2.7/argparse.py", line 2071, in _parse_optional
    option_tuples = self._get_option_tuples(arg_string)
  File "/usr/lib/python2.7/argparse.py", line 2133, in _get_option_tuples
    elif option_string.startswith(option_prefix):
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 1: ordinal not in range(128)

test 2

aws iot register-certificate -—certificate file://vagrant/test/certs/***-certificate.pem.crt --caCertificate file://vagrant/test/certs/root-CA.crt

error

/usr/lib/python2.7/argparse.py:2129: UnicodeWarning: Unicode equal comparison failed to convert both arguments to Unicode - interpreting them as being unequal
  if option_string == short_option_prefix:
Traceback (most recent call last):
  File "/usr/local/bin/aws", line 27, in <module>
    sys.exit(main())
  File "/usr/local/bin/aws", line 23, in main
    return awscli.clidriver.main()
  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 50, in main
    return driver.main()
  File "/usr/local/lib/python2.7/dist-packages/awscli/clidriver.py", line 178, in main
    parsed_args, remaining = parser.parse_known_args(args)
  File "/usr/local/lib/python2.7/dist-packages/awscli/argparser.py", line 62, in parse_known_args
    parsed, remaining = super(CLIArgParser, self).parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1722, in parse_known_args
    namespace, args = self._parse_known_args(args, namespace)
  File "/usr/lib/python2.7/argparse.py", line 1763, in _parse_known_args
    option_tuple = self._parse_optional(arg_string)
  File "/usr/lib/python2.7/argparse.py", line 2071, in _parse_optional
    option_tuples = self._get_option_tuples(arg_string)
  File "/usr/lib/python2.7/argparse.py", line 2133, in _get_option_tuples
    elif option_string.startswith(option_prefix):
UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 1: ordinal not in range(128)

No you should be fine. It looks like the files you are using are binary as you are receiving errors in which the file is trying to be decoded with ascii when they probably should not be decoded in the first place. Instead of using file:// try using fileb://. That will open the file as a binary and not try to decode it.

still same error...
I try

aws iot register-ca-certificate -—ca-certificate fileb://home/vagrant/ca-test/rootCA.pem -—verification-cert fileb://home/vagrant/ca-test/verificationCert.pem

Even I upgrade openssl version and Registering Your CA certificate again

OpenSSL 1.0.2j  26 Sep 2016

On the other hand

test 1: aws iot list-certificates

{
    "certificates": [
        {
            "certificateArn": "****",
            "status": "ACTIVE",
            "creationDate": 1476414436.704,
            "certificateId": "<CERTIFICATEID>"
        }
    ]
}

test 2: aws iot describe-ca-certificate --certificate-id <CERTIFICATEID>

return error
An error occurred (ResourceNotFoundException) when calling the DescribeCACertificate operation: Requested CA Certificate does not exist.

Alright let's take a step back since the file:// and fileb:// did not work. Can you provide debug logs for the command you ran? You can do so by appending --debug to the command you ran. That will give us a lot more insight on what is going on.

Closing due to inactivity

@iskWang did you manage to understand what was the problem?
I'm having the same issue over here, if you could share your findings it would be great.

This error occurs if you copy / paste step 5 from this page https://docs.aws.amazon.com/iot/latest/developerguide/device-certs-your-own.html .

The page incorrectly uses — (ASCII 151) instead of - (ASCII 45) for the intended hyphen.

@johnhopwood life saver! Thanks. They really should update the page. People don't retype commands from docs in general.

@johnhopwood Nice catch! I'll let the service team know about that issue.

@johnhopwood Just ran into this myself via the instructions on https://aws.amazon.com/blogs/iot/how-to-bridge-mosquitto-mqtt-broker-to-aws-iot/, which were probably copied from that original page...

@sgress454 How did you fix it? I'm trying to run
sudo aws iot create-keys-and-certificate --set-as-active --certificate-pem-outfile cert.crt --private-key-outfile private.key --public-key-outfile public.key –region eu-central-1 and I get that unicode error.

@theunreal I see that –region that looks like it needs to be re-typed as --region...

Basically just retype the whole command yourself to make sure there's no em-dashes in it that should be double-dashes.

In case anyone else has this issue, it can also be caused by not typing the = in the option: aws iam get-role -–role-name developers instead of aws iam get-role -–role-name=developers