copercini / esp8266-aws_iot

Some examples using x.509 certificates and TLSv1.2 under Arduino IDE

Issue connecting esp8266_aws_iot #21

Open Elie4 opened 4 years ago

Elie4 commented 4 years ago

Hello guys, I am new here. I have a problem with Arduino when opening .der certificate files: they don't open and I don't know why. Here's what I get in the serial monitor:

...scandone state: 0 -> 2 (b0) .state: 2 -> 3 (0) state: 3 -> 5 (10) add 0 aid 10 cnt

connected with Nakhle..., channel 6 dhcp client start... ip:192.168.2.227,mask:255.255.255.0,gw:192.168.2.1 . WiFi connected IP address: 192.168.2.227 Heap: 40504 Failed to open cert file cert not loaded Failed to open private cert file private key not loaded Failed to open ca ca failed Heap: 40504 Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor.

My Code is the following:

include "FS.h"

include

include //https://www.arduinolibraries.info/libraries/pub-sub-client

include //https://www.arduinolibraries.info/libraries/ntp-client

include

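//#define LISTEN_PORT 8883

// Shadow update topic for this thing.
// NOTE(review): defined here, but the visible sketch subscribes to "inTopic" and
// publishes to "outTopic" -- confirm which topic is actually intended.
#define MQTT_TOPIC "$aws/things/ESP8266-FYP-test1/shadow/update"

// Update these with values suitable for your network.
// Credentials written into the sketch end up in the firmware image and in every
// copy of the source that gets shared, so keep placeholders in anything posted.
// (The '#' and '*' tokens below were lost in the page rendering and are restored;
// without them these declarations do not compile.)
const char* ssid = "Nakhle...";
const char* password = "My Wifi Password ";

// NTP is used only to give the TLS client a wall-clock time (see setup_wifi()).
WiFiUDP ntpUDP;
NTPClient timeClient(ntpUDP, "pool.ntp.org");

// Host name of the MQTT broker (AWS IoT endpoint), reached on the TLS port 8883.
const char* AWS_endpoint = "a3rbwtuy3wpxaf-ats.iot.us-east-2.amazonaws.com";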

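// Byte offset of the LED command character inside the incoming payload.
// NOTE(review): a fixed offset only matches one exact message layout -- confirm
// it against the publisher, or parse the message instead of indexing into it.
static const unsigned int LED_COMMAND_OFFSET = 62;

/**
 * MQTT message handler registered with the PubSubClient below.
 *
 * Echoes the topic and payload to the serial console, then reads one command
 * character from the payload and switches the LED on pin D5: '1' turns it on,
 * '0' turns it off, anything else leaves it unchanged.
 *
 * The payload comes from the network and is not NUL-terminated, so it is only
 * ever read through `length`. The original indexed payload[62] unconditionally,
 * which reads past the end of the buffer for any message shorter than 63 bytes.
 *
 * @param topic   topic the message arrived on
 * @param payload raw message bytes
 * @param length  number of valid bytes in payload
 */
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");

  // unsigned index: `length` is unsigned, so this avoids a signed/unsigned compare
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);  // print payload content
  }

  if (length > LED_COMMAND_OFFSET) {
    // Extract the controlling command from the payload.
    char led = (char)payload[LED_COMMAND_OFFSET];
    Serial.print("led command=");
    Serial.println(led);

    if (led == '1') {
      digitalWrite(D5, HIGH);
      Serial.println("LED_State changed to HIGH");
    } else if (led == '0') {
      digitalWrite(D5, LOW);
      Serial.println("LED_State changed to LOW");
    }
  } else {
    // Too short to carry a command at the expected offset: ignore it rather
    // than read memory beyond the received message.
    Serial.println("led command not present (payload too short)");
  }

  Serial.println();
}

WiFiClientSecure espClient;

// 8883 is the standard port for MQTT over TLS.
PubSubClient client(AWS_endpoint, 8883, callback, espClient);

long lastMsg = 0;
char msg[50];
int value = 0;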

/**
 * Joins the configured Wi-Fi network, then blocks until NTP has delivered a
 * time and hands that time to the TLS client.
 *
 * Both waits are unbounded: the function does not return until the network is
 * joined and an NTP update has succeeded.
 */
void setup_wifi() {
  delay(10);

  // Shrink the TLS buffers before connecting.
  espClient.setBufferSizes(512, 512);

  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.begin(ssid, password);

  // Print a dot every 500 ms until the station reports it is connected.
  for (;;) {
    if (WiFi.status() == WL_CONNECTED) {
      break;
    }
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  // Keep forcing an NTP exchange until one succeeds.
  timeClient.begin();
  for (bool synced = timeClient.update(); !synced; synced = timeClient.update()) {
    timeClient.forceUpdate();
  }

  // NOTE(review): this value presumably feeds the certificate validity-period
  // check; it comes from plain NTP, so the check is only as good as that answer.
  espClient.setX509Time(timeClient.getEpochTime());
}

/**
 * Blocks until the MQTT client is connected, retrying every 5 seconds.
 *
 * On each failure the PubSubClient state code and the last TLS error text are
 * written to the serial console; on success an announcement is published and
 * the subscription is renewed.
 */
void reconnect() {
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");

    if (!client.connect("ESPthing")) {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");

      // The TLS layer's own message says why the handshake was refused,
      // e.g. a server chain that cannot be tied to a loaded CA certificate.
      char sslError[256];
      espClient.getLastSSLError(sslError, sizeof(sslError));
      Serial.print("WiFiClientSecure SSL error: ");
      Serial.println(sslError);

      // Wait 5 seconds before retrying
      delay(5000);
      continue;
    }

    Serial.println("connected");
    // Once connected, publish an announcement...
    client.publish("outTopic", "hello world");
    // ... and resubscribe
    client.subscribe("inTopic");
  }
}

/**
 * One-time initialisation: serial console, LED pin, Wi-Fi and clock, then the
 * client certificate, private key and CA certificate opened through SPIFFS and
 * handed to the TLS client.
 *
 * Each load is attempted even when the preceding open failed, so a missing
 * file produces both a "Failed to open ..." and a "... not loaded" line.
 */
void setup() {
  Serial.begin(9600);
  Serial.setDebugOutput(true);

  // D5 is the LED output that callback() switches.
  pinMode(D5, OUTPUT);

  setup_wifi();
  delay(1000);

  const bool mounted = SPIFFS.begin();
  if (!mounted) {
    Serial.println("Failed to mount file system");
    return;
  }

  Serial.print("Heap: ");
  Serial.println(ESP.getFreeHeap());

  // Load certificate file.
  // NOTE(review): SPIFFS.open() looks a name up in the board's flash file
  // system. The three paths below are locations on the development PC, kept as
  // posted; no such files exist on the device, which matches the "Failed to
  // open ..." lines in the serial log. On-device names have the form "/cert.der".
  File cert = SPIFFS.open("C:/Users/User/Desktop/ESP8266_AWS-IOTCore/data/cert.der", "r");
  Serial.println(cert ? "Success to open cert file" : "Failed to open cert file");

  delay(1000);

  Serial.println(espClient.loadCertificate(cert) ? "cert loaded" : "cert not loaded");

  // Load private key file.
  // The private key is the device's identity towards the broker; on SPIFFS it
  // is an ordinary file, so treat access to the board's flash as access to the key.
  File private_key = SPIFFS.open("C:/Users/User/Desktop/ESP8266_AWS-IOTCore/data/private.der", "r");
  Serial.println(private_key ? "Success to open private cert file" : "Failed to open private cert file");

  delay(1000);

  Serial.println(espClient.loadPrivateKey(private_key) ? "private key loaded" : "private key not loaded");

  // Load CA file.
  // Without a loaded CA certificate the client has no trust anchor, and the
  // connection attempt is refused with "Chain could not be linked to a trust anchor".
  File ca = SPIFFS.open("C:/Users/User/Desktop/ESP8266_AWS-IOTCore/data/ca.der", "r");
  Serial.println(ca ? "Success to open ca" : "Failed to open ca ");

  delay(1000);

  Serial.println(espClient.loadCACert(ca) ? "ca loaded" : "ca failed");

  Serial.print("Heap: ");
  Serial.println(ESP.getFreeHeap());
}

/**
 * Main loop: re-establishes the MQTT session when it has dropped, then lets
 * the client process incoming traffic.
 */
void loop() {
  const bool online = client.connected();
  if (!online) {
    reconnect();  // blocks until the broker accepts the connection
  }

  client.loop();
}

fixingthingsguy commented 4 years ago

Elie4, I'm not sure exactly, but check that you loaded the certs onto the ESP8266 using the "ESP8266 Sketch Data Upload" command in the "Tools" menu. The sketch expects the certs to reside on the ESP8266; the way you have it, it looks to me like it is trying to read them from the desktop.

Elie4 commented 4 years ago

hello fixingthingsguy, Thanks for replying. can you tell me how can i upload the certification on the board please, cause i only have the above code..

fixingthingsguy commented 4 years ago

Looks like we need to step back. Did you set up OSSL to convert the certs that you downloaded from AWS? If the answer is yes, may want to repeat the step(ie download certs, run it through OSSL) If the answer is no, perhaps you can follow this site which is based on Copercini(good directions but does not give credit to Copercini, unfortunate). He does exactly like Copercini's instructions but a little more detail that might help you. Please follow those instructions to the letter! The video is pretty good too. Might take you a few days to get this done, but check that you did each step exactly as specified. And it will work. https://electronicsinnovation.com/how-to-connect-nodemcu-esp8266-with-aws-iot-core-using-arduino-ide-mqtt/ Good luck.

fixingthingsguy commented 4 years ago

One additional point to the "Yes" answer (needs to be done anyhow, no matter the answer!): the certs have to be in a directory named "data" inside the same directory as your sketch. This is so the certs can be loaded onto the ESP8266. Please don't copy the lines below unless you have verified them, as I don't check the syntax closely. Concept provided:

File cert = SPIFFS.open("/cert.der", "r");
File private_key = SPIFFS.open("/private.der", "r");
File ca = SPIFFS.open("/ca.der", "r");

Elie4 commented 4 years ago

One additional point to the "Yes" answer (needs to be done anyhow no matter the answer!) The certs have to be in the same directory in a specific directory named "data" as your sketch. This is so esp8266 can load the certs into the ESP8266. Please don't copy below unless you have verified as I don't check the syntax closely. Concept provided. File cert = SPIFFS.open("/cert.der", "r"); File private_key = SPIFFS.open(" /private.der", "r"); File ca = SPIFFS.open(" /ca.der", "r");

Thank you very much my problem is solved.

jigneshk5 commented 4 years ago

@Elie4 I'm getting the same error, How is your problem resolved?

fixingthingsguy commented 4 years ago

Please follow the link provided [https://electronicsinnovation.com/how-to-connect-nodemcu-esp8266-with-aws-iot-core-using-arduino-ide-mqtt/] Takes some time, but will get you there.

saikishorechalumuri commented 2 years ago

Please follow the link provided [https://electronicsinnovation.com/how-to-connect-nodemcu-esp8266-with-aws-iot-core-using-arduino-ide-mqtt/] Takes some time, but will get you there.

hey brother can you please reply my error i followed the steps correctly according to your vedio it took lot of time but it helped almost till 4 steps

i downloaded open ssl and converted the certficates into pem to der format after that i installed esp8266 sketch book required zip file and uplaoded my certicates i attached the output image below 1

and still iam getting the same error

Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection........scandone state: 0 -> 2 (b0) .state: 2 -> 3 (0) state: 3 -> 5 (10) add 0 aid 1 cnt .. connected with Corporate Tenant Wifi, channel 6 dhcp client start... ..ip:10.172.203.27,mask:255.255.254.0,gw:10.172.202.1 . WiFi connected IP address: 10.172.203.27 Heap: 40088 Failed to open cert file cert not loaded Failed to open private cert file private key not loaded Failed to open ca ca failed Heap: 40088 Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor.

saikishorechalumuri commented 2 years ago

Hi can you please reply my error IAM TRYING TO CONNECT MY NODE MCU WITH AWS IOT CORE i was unable to open the cert files unable to open them

my code is compiled image

the sourse code is

include "FS.h"

include

include

include

include

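// Update these with values suitable for your network.
// Credentials written into the sketch end up in the firmware image and in every
// copy of the source that gets shared, so keep placeholders in anything posted.
// (The '*' tokens on these declarations and on callback()'s first parameter were
// lost in the page rendering and are restored; without them the sketch does not compile.)
const char* ssid = "my wifi";
const char* password = "password123";

// NTP is used only to give the TLS client a wall-clock time (see setup_wifi()).
WiFiUDP ntpUDP;
NTPClient timeClient(ntpUDP, "pool.ntp.org");

// Host name of the MQTT broker (the account's AWS IoT endpoint).
const char* AWS_endpoint = "our aws end point ";

/**
 * MQTT message handler: echoes topic and payload to the serial console.
 *
 * The payload is not NUL-terminated, so it is only read through `length`.
 */
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived [");
  Serial.print(topic);
  Serial.print("] ");
  // unsigned index: `length` is unsigned, so this avoids a signed/unsigned compare
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();
}

WiFiClientSecure espClient;

// 8883 is the standard port for MQTT over TLS.
PubSubClient client(AWS_endpoint, 8883, callback, espClient);

long lastMsg = 0;
char msg[50];
int value = 0;

/**
 * Joins the configured Wi-Fi network, then blocks until NTP has delivered a
 * time and hands that time to the TLS client. Both waits are unbounded.
 */
void setup_wifi() {
  delay(10);
  // We start by connecting to a WiFi network
  espClient.setBufferSizes(512, 512);
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());

  timeClient.begin();
  while (!timeClient.update()) {
    timeClient.forceUpdate();
  }

  // NOTE(review): this value presumably feeds the certificate validity-period
  // check; it comes from plain NTP, so the check is only as good as that answer.
  espClient.setX509Time(timeClient.getEpochTime());
}

/**
 * Blocks until the MQTT client is connected, retrying every 5 seconds and
 * printing the client state and the last TLS error after each failure.
 */
void reconnect() {
  // Loop until we're reconnected
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    // Attempt to connect
    if (client.connect("ESPthing")) {
      Serial.println("connected");
      // Once connected, publish an announcement...
      client.publish("outTopic", "hello world");
      // ... and resubscribe
      client.subscribe("inTopic");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");

      char buf[256];
      espClient.getLastSSLError(buf, sizeof(buf));
      Serial.print("WiFiClientSecure SSL error: ");
      Serial.println(buf);

      // Wait 5 seconds before retrying
      delay(5000);
    }
  }
}

/**
 * One-time initialisation: serial console, LED pin, Wi-Fi and clock, then the
 * client certificate, private key and CA certificate read from SPIFFS.
 *
 * Each load is still attempted when the preceding open failed, so a file that
 * was never uploaded to the board produces both a "Failed to open ..." and a
 * "... not loaded" line.
 */
void setup() {
  Serial.begin(115200);
  Serial.setDebugOutput(true);
  // initialize digital pin LED_BUILTIN as an output.
  pinMode(LED_BUILTIN, OUTPUT);
  setup_wifi();
  delay(1000);
  if (!SPIFFS.begin()) {
    Serial.println("Failed to mount file system");
    return;
  }

  Serial.print("Heap: ");
  Serial.println(ESP.getFreeHeap());

  // Load certificate file (replace the name with your uploaded file name).
  // These are names inside the board's flash file system: the files must have
  // been uploaded to the device for the opens to succeed.
  File cert = SPIFFS.open("/cert.der", "r");
  if (!cert) {
    Serial.println("Failed to open cert file");
  } else {
    Serial.println("Success to open cert file");
  }

  delay(1000);

  if (espClient.loadCertificate(cert)) {
    Serial.println("cert loaded");
  } else {
    Serial.println("cert not loaded");
  }

  // Load private key file (replace the name with your uploaded file name).
  // The private key is the device's identity towards the broker; on SPIFFS it
  // is an ordinary file, so treat access to the board's flash as access to the key.
  File private_key = SPIFFS.open("/private.der", "r");
  if (!private_key) {
    Serial.println("Failed to open private cert file");
  } else {
    Serial.println("Success to open private cert file");
  }

  delay(1000);

  if (espClient.loadPrivateKey(private_key)) {
    Serial.println("private key loaded");
  } else {
    Serial.println("private key not loaded");
  }

  // Load CA file (replace the name with your uploaded file name).
  // Without a loaded CA certificate the client has no trust anchor, and the
  // connection attempt is refused with "Chain could not be linked to a trust anchor".
  File ca = SPIFFS.open("/ca.der", "r");
  if (!ca) {
    Serial.println("Failed to open ca ");
  } else {
    Serial.println("Success to open ca");
  }

  delay(1000);

  if (espClient.loadCACert(ca)) {
    Serial.println("ca loaded");
  } else {
    Serial.println("ca failed");
  }

  Serial.print("Heap: ");
  Serial.println(ESP.getFreeHeap());
}

/**
 * Main loop: keeps the MQTT session alive, publishes a counter message about
 * every 2 seconds and blinks the built-in LED.
 */
void loop() {
  if (!client.connected()) {
    reconnect();
  }
  client.loop();

  long now = millis();
  // Was `now - lastMsg<2000`: lastMsg starts at 0 and setup() alone takes more
  // than 2 s, so that test never passed and nothing was ever published.
  if (now - lastMsg > 2000) {
    lastMsg = now;
    ++value;
    // Bound the write by the real buffer size: msg holds 50 bytes, and the
    // original passed 75, which lets snprintf write past the end of msg.
    // The cast makes the argument match the %ld conversion.
    snprintf(msg, sizeof(msg), "{\"message\": \"hello world #%ld\"}", (long)value);
    Serial.print("Publish message: ");
    Serial.println(msg);
    client.publish("outTopic", msg);
    Serial.print("Heap: ");
    Serial.println(ESP.getFreeHeap());  // Low heap can cause problems
  }

  digitalWrite(LED_BUILTIN, HIGH);  // drive the LED pin HIGH
  delay(100);                       // wait 100 ms
  digitalWrite(LED_BUILTIN, LOW);   // drive the LED pin LOW
  delay(100);                       // wait 100 ms
}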

i downloaded open ssl and converted the certficates into pem to der format after that i installed esp8266 sketch book required zip file and uplaoded my certicates i attached the output image below 1

and still iam getting the same error i was unable to connect the certficates i mean unable to load the certficates

connected with Corporate Tenant Wifi, channel 6 dhcp client start... ..ip:10.172.203.27,mask:255.255.254.0,gw:10.172.202.1 . WiFi connected IP address: 10.172.203.27 Heap: 40088 Failed to open cert file cert not loaded Failed to open private cert file private key not loaded Failed to open ca ca failed Heap: 40088 Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds WiFiClientSecure SSL error: Chain could not be linked to a trust anchor. Attempting MQTT connection...failed, rc=-2 try again in 5 seconds

saikishorechalumuri commented 2 years ago

@Elie4 I'm getting the same error, How is your problem resolved?

hey brother do you solve this error

fixingthingsguy commented 2 years ago

The only things I can think of are: 1. Verify you have enabled or activated the certs in AWS. 2. Verify that your data directory for the certs is in the same directory as your .ino. 3. Else, please recheck your steps. Good luck.


On Tue, May 17, 2022 at 8:55 AM, Sai kishore @.***> wrote:

@Elie4 I'm getting the same error, How is your problem resolved?

hey brother do you solve this error


fixingthingsguy commented 2 years ago

  Above is not correct I believe, it should be  afdlkajfj.der not  afdlkajfj .der.der On Tuesday, May 17, 2022, 10:44:22 AM CDT, S B @.***> wrote:

The only thing I can think of is1. verify you have enabled or a activated the certs in AWS.2. verify that your data directory for the certs is in same directory as yout .ino .3. Else, please recheck your steps.Goid luck


On Tue, May 17, 2022 at 8:55 AM, Sai kishore @.***> wrote:

@Elie4 I'm getting the same error, How is your problem resolved?

hey brother do you solve this error
