Hello Santos, I have failed to configure TLS on my ESP32. What is the best format for adding a certificate? I have been trying different ways, but each comes with a new sort of error. The current format is:
The certificate is in the cert4.h file:
const char* cert4 = "MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJSMzAeFw0yNDA1MjQwMjIxMzJaFw0yNDA4MjIwMjIxMzFaMBkxFzAVBgNVBAMTDnNzZXJ1emFpZmEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEOEwmkGYTzQZOyGp7HzGHKA=";
I deleted all new lines and remained with one long string,
and the error code looks like this:
start_ssl_client(): Starting socket
[121637][V][ssl_client.cpp:146] start_ssl_client(): Seeding the random number generator
[121638][V][ssl_client.cpp:155] start_ssl_client(): Setting up the SSL/TLS structure...
[121641][V][ssl_client.cpp:178] start_ssl_client(): Loading CA cert
[121648][E][ssl_client.cpp:37] _handle_error(): [start_ssl_client():187]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
I believe the settings on the server side are okay, as I can do pub/sub successfully between two Android phones.
Kindly guide me through.
I succeeded. I got the fullchain.pem, from which I got the server certificate and rootCA certificate. The format I used is:
const char* serverCertificate = "-----BEGIN CERTIFICATE-----\n"
"zCdgddgdCAxugAwIBAgISBPF1g+DNKh/0Mcp/+UU/jNwPMA0GCSqGSIb3DQEBCwUA\n"
"MDIxCzAnnnnaJBgNVRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\n"
"EwJSMasssdzAeFw0yNDA1MjQwMjzJaFw0yNDA4MjIwMjIxMzFaMBkxFzAVBgNVBAMT\n"
"DnNzZsaXJ1emFpZmEuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcigAEOEwmkGYT\n"
"zCocXGEwWHsP7/93im9QpsdaPSryU62nECaWTIz8F4oTa+6rvqBnSiPZefRyNYO3kTG\n"
….
…
"63rUeSk5C2UToX0/GYGsA6ytry3Wr0gVmcOLfmet4rr+GtpwVzPpn93Drs4fyEF+\n"
"xMBeZI0l/Q3RHZgMgHUwe43Y+48usmxIM7FJC7hg+rWJ0ExVsnG7qmxDAX0+u8H\n"
"5ej8yQJ9kHcsad7HzGHKA=\n"
"-----END CERTIFICATE-----";
const char* rootCACertificate1 = \
"-----BEGIN CERTIFICATE-----\n" \
"frtv6gAwIBAgIRAJErCErPDBinU/bWLi56WnX1owDQYJKoZIhvcNAuytQAw\n" \
"TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoT6GVybmV0IFNlY3VyaXR5IFJlc2Vh\n" \
"cmNoIEdyb3VwMRUwEwYDhsJGxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\n" \
…..
and in main I put
espClient.setCACert(rootCACertificate1);
espClient.setCertificate(serverCertificate);
mqtt_client.setServer(mqtt_server, port);
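Added example, not part of the original comments: mbedTLS parses a certificate either as PEM (with its BEGIN/END lines) or as binary DER, and a bare base64 string like the one in the first comment is neither, which matches the -8576 "format is invalid" error. The host-side check below flags that case and a missing "\n" after the BEGIN line before the string goes into a sketch; `check_pem`, its status names and the sample strings are hypothetical and constructed for illustration.

```cpp
// Added example: host-side shape check for a certificate string before it is
// compiled into an ESP32 sketch. check_pem() and the samples are hypothetical.
#include <cctype>
#include <cstdio>
#include <cstring>

enum PemStatus { PEM_OK, PEM_NO_BEGIN, PEM_NO_END, PEM_NO_NEWLINE, PEM_BAD_BODY };

static const char BEGIN_LINE[] = "-----BEGIN CERTIFICATE-----";
static const char END_LINE[] = "-----END CERTIFICATE-----";

// Constructed samples, not real certificates.
static const char BARE_B64[] = "MIIBszCCAVmgAwIBAgIUQUJDRA==";   // armor stripped
static const char NO_NEWLINES[] = "-----BEGIN CERTIFICATE-----"
                                  "MIIBszCCAVmgAwIBAgIUQUJDRA=="
                                  "-----END CERTIFICATE-----";    // "\n" omitted
static const char ARMORED[] = "-----BEGIN CERTIFICATE-----\n"
                              "MIIBszCCAVmgAwIB\n"
                              "AgIUQUJDRA==\n"
                              "-----END CERTIFICATE-----\n";

// Checks the first certificate in `pem`: both armor lines, a line break after
// BEGIN, and a base64 body whose padding and length are consistent.
PemStatus check_pem(const char *pem) {
    const char *body = std::strstr(pem, BEGIN_LINE);
    if (!body) return PEM_NO_BEGIN;
    body += std::strlen(BEGIN_LINE);
    const char *end = std::strstr(body, END_LINE);
    if (!end) return PEM_NO_END;
    if (*body == '\r') ++body;
    if (*body != '\n') return PEM_NO_NEWLINE;
    std::size_t chars = 0, pad = 0;
    char first = 0;
    for (const char *p = body; p < end; ++p) {
        unsigned char c = static_cast<unsigned char>(*p);
        if (c == '\n' || c == '\r') continue;
        if (c == '=') { ++pad; continue; }
        if (pad || !(std::isalnum(c) || c == '+' || c == '/')) return PEM_BAD_BODY;
        if (!first) first = *p;
        ++chars;
    }
    if (pad > 2 || (chars + pad) % 4 != 0) return PEM_BAD_BODY;
    // DER certificates start with an ASN.1 SEQUENCE tag (0x30), which encodes to 'M'.
    return first == 'M' ? PEM_OK : PEM_BAD_BODY;
}

int main() {
    std::printf("bare=%d no_newlines=%d armored=%d\n",
                check_pem(BARE_B64), check_pem(NO_NEWLINES), check_pem(ARMORED));
}
```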