Closed Inkomidwastaken closed 3 years ago
Solved it! the variables for cert and key got mixed up in the example I used:
wsclient.setCertificate(test_client_key); // for client verification
wsclient.setPrivateKey(test_client_cert); // for client verification
when it should habe been:
wsclient.setCertificate(test_client_cert); // for client verification
wsclient.setPrivateKey(test_client_key); // for client verification
Solved it! the variables for cert and key got mixed up in the example I used:
wsclient.setCertificate(test_client_key); // for client verification
wsclient.setPrivateKey(test_client_cert); // for client verification
when it should habe been:
wsclient.setCertificate(test_client_cert); // for client verification
wsclient.setPrivateKey(test_client_key); // for client verification
I'm struggling to understand the example.
if i would make a secure connection to "io.adafruit.com" can i use the root certicate pem in my browser for this site ?
or do i need all three certificates to make a secure connection? client.setCACert(test_root_ca); //client.setCertificate(test_client_cert); // for client verification //client.setPrivateKey(test_client_key); // for client verification
and where do i get these certificates in my browser?
Hardware:
Board: ESP32 Dev Module Core Installation version: 1.0.4 IDE name: Arduino IDE Flash Frequency: 80Mhz PSRAM enabled: no Upload Speed: 921600 Computer OS: Windows 10
Description:
I'm trying to establish mutual TLS connection to my mosquitto(1.6.12) MQTT broker running on raspberry pi. I already did so by connecting via MQTTX to my broker (using the same certificates and keys) Using the ESP32, I manage to connect to the broker with server authentification only.
But I can't connect using the ESP and mutual TLS. In the verbose error logs it reads:
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():167]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
Since thw connection using only server authentication was succesfull, i guess either the client key, client cert or both are formatted wrong.My Sketch is based on this example.
serial of the ESP32:
Logs on the broker:
Sketch:
Debug Messages: