Closed polandj closed 6 years ago
polandj
commented
6 years ago For anyone else that comes across this. It seems that instead, if you create your own CA and certificates, you can then get it to connect. However, be aware that on the ESP8266, the initial handshake negotiation can take between 5 and 15 seconds. You'll need to deal with the watchdogs, etc. Learn more here: https://github.com/esp8266/Arduino/issues/3944
slaff
commented
6 years ago the initial handshake negotiation can take between 5 and 15 seconds.
@polandj You might be doing something wrong. From my humble experience the handshake takes less than 300 ms. Make sure to optimize your certificates on the server side and remove things like Netscape comments or other useless for a production certificate data. Although I am using the same library integrated in a different framework called Sming (https://github.com/SmingHub/Sming/tree/develop/samples/Basic_Ssl) I highly doubt that under Arduino that same library will work much slower.
OS: OSX 10.13.3 Arduino IDE: 1.8.5 ESP platform version: 2.4.0 Device: ESP-12 (nodemcuv2)
I'm trying to get my ESP to connect to AWS IoT. Using the attached sketch based on this one, I always get that the certificate is not yet valid:
I have attached (gzipped, sorry, GH doesn't like all extensions) the sample sketch and certificates in PEM and DER format. These are valid certs and endpoints, I know it's a security issue and plan on revoking/replacing them once I've figured this out.
I'm 90% certain this is a user error, but I can't seem to figure it out. I've tried editing the axtls library to print out the supposedly old timestamp versus the certificate span, but I can't figure out how to get the library to actually be linked against. It seems to be, but clearly doesn't take my changes. What I did:
So, not sure what else to do to debug.