Closed MaxiLargo closed 3 months ago
According to this `ERROR.mConnectSSL: Certificate is expired or not yet valid.` you have to set the time correctly (as discussed here: https://github.com/mobizt/ESP_SSLClient/issues/8). You have to use NTP or https://github.com/mobizt/ESP_SSLClient/blob/060b6bf67ef5a6cf06079fccfa89333abfcbbe42/src/client/BSSL_SSL_Client.cpp#L668
This library provides the same functions as ESP8266 `WiFiClientSecure`.
As @Pablo2048 said, you have to set the time for the X509 certificate verification, which can be done with the function `ESP_SSLClient::setX509Time`, or by setting your system time from an NTP server via `configTime`, or by setting it manually via `settimeofday`.
You can follow this example.
OK, I set the time from an NTP server with EthernetUDP, and the error changed:
```cpp
EthernetClient basic_client;      // plain TCP client on the W5500
ESP_SSLClient ssl_client;         // TLS layer on top of basic_client
PubSubClient client(ssl_client);  // MQTT over TLS

const char* root_ca PROGMEM = R"EOF(...)EOF";

// Read the current epoch from NTP and use it as the X.509 verification time.
void setupTime() {
  timeClient.begin();
  timeClient.update();
  time_t now = timeClient.getEpochTime();
  Serial.print(now);
  ssl_client.setX509Time(now);
}

void setup() {
  Serial.begin(115200);
  M5.begin();
  M5.Power.begin();
  SPI.begin(SCK, MISO, MOSI, -1);
  Ethernet.init(CS);
  while (!Serial) {
    ;  // wait for the serial port
  }

  Serial.println("Initialize Ethernet with DHCP:");
  if (Ethernet.begin(mac) == 0) {
    Serial.println("Failed to configure Ethernet using DHCP");
    if (Ethernet.hardwareStatus() == EthernetNoHardware) {
      Serial.println("Ethernet shield was not found. Sorry, can't run without hardware. :(");
      while (true) {
        delay(1);
      }
    }
    if (Ethernet.linkStatus() == LinkOFF) {
      Serial.println("Ethernet cable is not connected.");
    }
    // DHCP failed: fall back to the static address
    Ethernet.begin(mac, ip);
  } else {
    Serial.print(" DHCP assigned IP ");
    Serial.println(Ethernet.localIP());
  }

  M5.Lcd.println("M5Stack W5500 Test");
  M5.Lcd.println(" ");
  M5.Lcd.print(Ethernet.localIP());

  // TLS setup: trust anchor, buffers, debug output, underlying transport
  ssl_client.setCACert(root_ca);
  ssl_client.setBufferSizes(1024, 1024);
  ssl_client.setDebugLevel(1);
  ssl_client.setClient(&basic_client);
  setupTime();

  client.setServer(mqtt_server, 8883);  // Port 8883 for secure connection
}
```
logs:
```
Failed to connect to MQTT broker, rc=-2
ERROR.mConnectSSL: Failed to initlalize the SSL layer.
ERROR.mConnectSSL: Chain could not be linked to a trust anchor.
```
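An added example (not part of the thread and not the library's code) of guarding the `setupTime()` step: it only accepts an epoch after a successful update and above a plausibility floor, and `validityAt` shows why a clock that was never set produces the "expired or not yet valid" error. The helper names, the floor value and the assumption that `timeClient.update()` returns `true` on success are this example's own.

```cpp
#include <ctime>
#include <functional>

// Constructed floor: 2024-01-01T00:00:00Z. Use your firmware build date.
constexpr std::time_t kMinPlausibleEpoch = 1704067200;

enum class Validity { NotYetValid, Valid, Expired };

// The time-window test an X.509 verifier applies to each certificate.
Validity validityAt(std::time_t now, std::time_t notBefore, std::time_t notAfter) {
    if (now < notBefore) return Validity::NotYetValid;
    if (now > notAfter) return Validity::Expired;
    return Validity::Valid;
}

enum class ClockStatus { Ok, UpdateFailed, Implausible };

struct ClockResult {
    ClockStatus status;
    std::time_t epoch;  // meaningful only when status == Ok
    int attempts;
};

// update():    true when a time reply was received (assumed: timeClient.update()).
// readEpoch(): current epoch in seconds (assumed: timeClient.getEpochTime()).
ClockResult acquireX509Time(const std::function<bool()>& update,
                            const std::function<std::time_t()>& readEpoch,
                            int maxAttempts,
                            std::time_t minEpoch = kMinPlausibleEpoch) {
    ClockResult r{ClockStatus::UpdateFailed, 0, 0};
    for (int i = 0; i < maxAttempts; ++i) {
        r.attempts = i + 1;
        if (!update()) { r.status = ClockStatus::UpdateFailed; continue; }
        const std::time_t now = readEpoch();
        if (now < minEpoch) { r.status = ClockStatus::Implausible; continue; }
        r.status = ClockStatus::Ok;
        r.epoch = now;
        return r;
    }
    return r;  // caller must not start the TLS handshake on failure
}

// In the sketch (assumption, not compiled here):
//   auto r = acquireX509Time([] { return timeClient.update(); },
//                            [] { return (time_t)timeClient.getEpochTime(); }, 5);
//   if (r.status == ClockStatus::Ok) ssl_client.setX509Time(r.epoch);
```

A correct clock only removes the validity-window failure; a chain that does not link to the configured trust anchor is rejected regardless of the time.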
The `root_ca` you set is not the root certificate of the MQTT server.
I used the same `root_ca` for other projects with `WiFiClientSecure` and had no problems publishing and subscribing from the broker; the root certificate is from HiveMQ.
It's not right. The root CA is expired or revoked from the MQTT server, and you should use the current server root CA.
You should know that this library uses the BearSSL cryptographic library, as in ESP8266 `WiFiClientSecure`.
You can prove what I said by using an ESP8266 device with `WiFiClientSecure` and seeing the result.
Hello, I have a somewhat similar problem. I have to connect to a broker (this one gave me a certificate) and when I want to connect with Ethernet W5500
and the logs were:
Can you help me, please?