Use x509 certificates for MQTT communication in ESP IDF - Stack Overflow

I have an application where I need to connect to a third party cloud via MQTT. For this, the third party has given a process for certificate generation as follows (The process is to be done on Linux):

  1. Generate a CSR (Certificate Signing Request) with SubjectAltName (SAN) extension. Prepare a 'reqf' file for this. The format of this file is as follows -

[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
URI.1=<Add SAN’>

  2. Run the following command. This will generate a placeholder.csr and a private.key -

openssl req -out placeholder.csr -newkey rsa:2048 -nodes -keyout private.key -config reqf

  3. The third party gives a 'ca.crt' file which is the public key certificate. Run the command below with this and the above csr file. This process is to get the certificate signed by the third party -

curl -o placeholder.crt -F [email protected] --cacert $CERT_HOME/ca.crt https://CADomainName/getCert

I took these files and hardcoded them as strings in the ESP-IDF code as follows:

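void mqtt_app_start(void) {
    const esp_mqtt_client_config_t mqtt_cfg = {
        .broker = {
            .address.uri = "mqtts://sample.domain.name",
            /* CA certificate used to verify the broker */
            .verification.certificate = (const char *)ca_cert
        },
        .credentials = {
            /* client certificate and private key presented to the broker */
            .authentication.certificate = (const char *)signed_crt,
            .authentication.key = (const char *)client_key_pem
        },
    };
    /* remainder of the function is not shown in the post */
}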

The ca_cert is the public key. signed_crt is the placeholder.crt generated after signing. client_key_pem is the private key. The placeholder.crt and the private key had metadata which I removed and only kept the

-----BEGIN CERTIFICATE----
.
.
.
.
-----END CERTIFICATE------

I am getting this error when I run the code:

E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read(): EOF
E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read() error: errno=119
I (3642) mqtt: MQTT_EVENT_ERROR
I (3642) mqtt: Last error code reported from esp-tls: 0x8008
I (3652) mqtt: Last tls stack error number: 0x0
I (3652) mqtt: Last captured errno : 0 (Success)
E (3662) mqtt_client: esp_mqtt_connect: mqtt_message_receive() returned -2
E (3672) mqtt_client: MQTT connect failed
I (3672) mqtt: MQTT_EVENT_DISCONNECTED

What can be the error in this?
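Since the post describes hand-trimming the certificate and key down to their PEM blocks before embedding them as strings, here is an added example (not from the post and not part of ESP-IDF) of a framing check that could be run on each string before it is passed to the MQTT client. `pem_check` and `pem_status_t` are hypothetical names; the check covers delimiters and base64 characters only, not whether the certificate or key is cryptographically valid.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an ESP-IDF API): framing check for one PEM block. */
typedef enum {
    PEM_OK = 0,
    PEM_BAD_HEADER,    /* does not start with exactly -----BEGIN <label>----- */
    PEM_BAD_BODY,      /* empty body or a non-base64 character                */
    PEM_BAD_FOOTER,    /* no exact -----END <label>----- line                 */
    PEM_TRAILING_DATA  /* non-whitespace after the footer                     */
} pem_status_t;
static int is_b64(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=';
}

/* `pem` must be NUL-terminated; `label` is e.g. "CERTIFICATE" or "PRIVATE KEY". */
pem_status_t pem_check(const char *pem, const char *label)
{
    char head[64], foot[64];
    snprintf(head, sizeof head, "-----BEGIN %s-----", label);
    snprintf(foot, sizeof foot, "-----END %s-----", label);
    size_t hl = strlen(head), fl = strlen(foot), body = 0;
    /* Header must be the very first bytes and be followed by a line break. */
    if (strncmp(pem, head, hl) != 0 || (pem[hl] != '\n' && pem[hl] != '\r'))
        return PEM_BAD_HEADER;
    const char *p = pem + hl;
    for (; *p && *p != '-'; p++) {            /* base64 body, any line length */
        if (*p == '\r' || *p == '\n') continue;
        if (!is_b64(*p)) return PEM_BAD_BODY;
        body++;
    }
    /* Footer must start a line, match exactly, and end the line. */
    if (p[-1] != '\n' || strncmp(p, foot, fl) != 0) return PEM_BAD_FOOTER;
    p += fl;
    if (*p && *p != '\n' && *p != '\r') return PEM_BAD_FOOTER;
    if (body == 0) return PEM_BAD_BODY;
    for (; *p; p++)
        if (*p != '\r' && *p != '\n' && *p != ' ') return PEM_TRAILING_DATA;
    return PEM_OK;
}

int main(void)
{
    /* Constructed sample: valid framing, body is not a real certificate. */
    const char *s = "-----BEGIN CERTIFICATE-----\nQ09OU1Q=\n-----END CERTIFICATE-----\n";
    return pem_check(s, "CERTIFICATE") == PEM_OK ? 0 : 1;
}
```

The label passed for the key has to match what the key file actually contains, since OpenSSL versions differ in whether they write `PRIVATE KEY` or `RSA PRIVATE KEY`.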
