In this issue with guest @lundinc, we cover how to debug a common issue we see on the FreeRTOS Community Forums — TLS handshake failure due to certificate mismatch. Specifically in this example demonstration, it’s actually an incorrect MQTT broker endpoint which was returning a root CA that we weren’t expecting.
To triage the issue, we use OpenSSL, TCPDUMP, and Wireshark to identify the root cause on a standard Raspberry Pi as an access point.
Commands run in the video:
-
openssl s_client -showcerts -connect <<ENDPOINT ADDRESS>> -
sudo tcpdump -i wlan0 src <<DEVICE IP ADDRESS>> or dst <<DEVICE IP ADDRESS>> -w <<YOUR FILE NAME FOR TCP DUMP>>.pcap -
open <<YOUR FILE NAME FOR TCP DUMP>>.pcap