Hi,
Is there a way to change the default root CA and self-signed cert/key pair in order to use the source code for the STM32 IoT node over MQTT connecting to the Exosite cloud (the background also using the AWS cloud)?
I have tried to modify both the root CA and the cert, but I got an error at opening the SSL socket …
If you want to use ECDSA keys, you can choose to do TLS in software at the cost of performance. Remove the project level define USE_OFFLOAD_SSL to do TLS in software.
Thank you for your information.
I am using RSA.
I have tried both with and without the OFF_LOAD setting. It still replies with an error when opening the socket.
To be more specific, both USE_OFFLOAD_SSL settings return the same error:
    if (ret == ES_WIFI_STATUS_OK)
    {
        sprintf((char*)Obj->CmdData, "P6=1\r");
        ret = AT_ExecuteCommand(Obj, Obj->CmdData, Obj->CmdData);
    }
The ret is: ES_WIFI_STATUS_UNEXPECTED_CLOSED_SOCKET
PS: I have tested the root CA and client cert/key pair with a Raspberry Pi successfully.
I have the same issue with a self signed root CA and device certificates, set correctly:
keyCLIENT_CERTIFICATE_PEM
keyCLIENT_PRIVATE_KEY_PEM
keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM
I am using the latest version of FreeRTOS and the default MQTT demo with an STM32 L4 B-L475E-IOT01A2 board (WiFi firmware version is C3.5.2.5.STM; the WiFi firmware is up to date).
I have 2 scenarios:
Just-in-time provisioning: device certificate and thing don't exist in AWS IoT Core. Root CA already registered.
For both, the error is:
Details:"\r
[TCP SSL] Initialize Identity failed\r
[TCP SSL] Advanced context, failed to connect\r
ERROR: Unknown Error\r
Usage: P6 <0 = Stop, 1 = Start> \r
In es_wifi.c, ES_WIFI_StartClientConnection, line 1608.
The demo works with certificates generated directly in AWS IoT Core.
Self-signed certificates work with mosquitto_pub and the Python SDK publisher/subscriber demo.
There is also an error in iot_network_afr.c, pAfrCredentials->pRootCa is NULL, I had to set it manually in SOCKETS_SetSockOpt in _tlsSetup, line 286.
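A pre-flight check for the PEM strings pasted into the three key macros above, added here as an example (it is not code from this thread or from FreeRTOS): it confirms each blob has matching BEGIN/END markers of the expected type and a body that decodes to DER, then renders it as the line-per-string C literal form I assume the demo's aws_clientcredential_keys.h uses. The sample certificate is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import re
from typing import List

PEM_RE = re.compile(
    r"-----BEGIN (?P<begin>[A-Z ]+)-----\r?\n(?P<body>.*?)\r?\n-----END (?P<end>[A-Z ]+)-----",
    re.S,
)

# Block types each macro is expected to carry (assumption based on common PEM labels).
EXPECTED = {
    "keyCLIENT_CERTIFICATE_PEM": {"CERTIFICATE"},
    "keyCLIENT_PRIVATE_KEY_PEM": {"RSA PRIVATE KEY", "PRIVATE KEY", "EC PRIVATE KEY"},
    "keyJITR_DEVICE_CERTIFICATE_AUTHORITY_PEM": {"CERTIFICATE"},
}


def check_pem(macro: str, pem: str) -> List[str]:
    """Return the problems found in pem for the given macro (empty list if it looks sane)."""
    problems = []
    m = PEM_RE.search(pem)
    if not m:
        return ["no BEGIN/END block found"]
    if m["begin"] != m["end"]:
        problems.append(f"BEGIN '{m['begin']}' does not match END '{m['end']}'")
    if m["begin"] not in EXPECTED[macro]:
        problems.append(f"unexpected block type '{m['begin']}' for {macro}")
    body = "".join(m["body"].split())  # drop line breaks (CRLF or LF) before decoding
    try:
        der = base64.b64decode(body, validate=True)
        if not der or der[0] != 0x30:  # certificates and keys are DER SEQUENCEs
            problems.append("decoded body is not a DER SEQUENCE")
    except binascii.Error:
        problems.append("body is not valid base64")
    return problems


def to_c_literal(pem: str) -> str:
    """Render a PEM blob as one quoted, newline-terminated C string per line."""
    return "\n".join(f'"{line.strip()}\\n"' for line in pem.strip().splitlines())


# Constructed placeholder: the body decodes to a tiny DER SEQUENCE, not a real certificate.
SAMPLE_CERT_PEM = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_pem("keyCLIENT_CERTIFICATE_PEM", SAMPLE_CERT_PEM))
    print(to_c_literal(SAMPLE_CERT_PEM))
```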
Thank you for your detailed response.
Based on your indications, I managed to make my second scenario work, meaning using a self-signed device certificate that was already active in IoT Core.
The first scenario, JITP with a device certificate connecting for the first time to IoT Core, didn't work, resulting in a timeout: (MQTT connection 0x20001548, CONNECT operation 0x200016d0) Wait complete with result TIMEOUT.
I’ve even increased MQTT_TIMEOUT_MS to 300000, same result.
I don’t know where to look for logs, if any.
Thanks again for your time.