Hi, we are trying to get our application onto AWS VMs (Appstream and/or EC2) however whenever we try to make use of the Google Tileset it will not load on AWS VMs. Every other tileset works fine on there so we suspect that it has something to do with the Google endpoints. We also tried Google Earth and that works fine on AWS (though not sure if they use the same endpoints). AWS support were unable to assist us either so wondering if this is a known issue on Cesium’s side.
Any assistance or guidance would be much appreciated.
Curious to see If you experience the same with Cesium JS. Have you tried running a browser on the VM, then loading Google Photorealistic 3D tiles through CesiumJS, such as this sandcastle Cesium Demo
Obtaining the Unreal logs would also help, as HTTP errors from Cesium Native are typically reported.
We’re running on ap-southeast-2 AWS region.
Tried that sandcastle demo on the VM and that seems to be working fine.
Here’s the logs from Unreal:
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: request failed, libcurl error: 60 (SSL peer certificate or SSH remote key was not OK)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 0 ( Trying 142.250.66.234:443...)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 1 (Connected to tile.googleapis.com (142.250.66.234) port 443)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 2 (ALPN: curl offers http/1.1)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 3 (TLSv1.3 (OUT), TLS handshake, Client hello (1):)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 4 (TLSv1.3 (IN), TLS handshake, Server hello (2):)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 5 (TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 6 (TLSv1.3 (IN), TLS handshake, Certificate (11):)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 7 (TLSv1.3 (OUT), TLS alert, unknown CA (560):)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 8 (SSL certificate problem: unable to get local issuer certificate)
[2024.05.07-05.56.28:035][ 4]LogHttp: Warning: 000002AA1FEFC010: libcurl info message cache 9 (Closing connection)
[2024.05.07-05.56.28:238][ 5]LogCesium: Error: [2024-05-07 05:56:28.238] [error] [TilesetContentManager.cpp:837] An unexpected error occurred when loading tile: Request failed.
Looks like there’s an issue with the HTTP connection, any ideas?
Great thank you, I’m seeking some feedback internally.
In the meantime, if you are able to try directly accessing Google Photorealistic 3D Tiles via a Google Maps Account, that may help us narrow down the issue.
You’ll need to switch your tileset to use a URL instead of an ion asset id. The url should be this format, where YOUR_API_KEY is a key from your own Google Maps Platform API account with appropriate scope to access Photorealistic 3D Tiles.
https://tile.googleapis.com/v1/3dtiles/root.json?key=YOUR_API_KEY
Looping back for other readers who may encounter this problem.
After some offline troubleshooting, it was found the AWS VM was missing the GlobalSign Root CA certificate from the Windows certificate store.
Importing this certificate into the VM resolved the issue.
The specific certificate was identifying by pasting the IP address from the SSL error above into https://www.geocerts.com/ssl-checker and identifying any missing certificates from the system listed there.