ESP8266 Developer Zone The Official ESP8266 Forum 2016-03-06T11:45:35+08:00 https://bbs.espressif.com:443/feed.php?f=7&t=1425 2016-03-06T11:45:35+08:00 2016-03-06T11:45:35+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1425&p=5986#p5986 <![CDATA[Re: Does the SDK support client SSL connections to a server with a wildcard certificate?]]>
certificate 7cd
the file is not a PEM file.
rsa private key 4a8
certificate 2ee
Please load request certificate


I am trying to do both client certificate authentication and server certificate verification. I think that the first line starting certificate is the fact that the server certificate has been found. The rsa private key has been found and the client certificate has been found. I guess it is possible that I have the wrong names for these objects (I used certificate and rsa private key).

Actually it seemed that I had the key and the cert in the wrong order. It works better with them swapped over.

It still doesn't work -- even if I disable server certificate verification.

certificate 2ee
rsa private key 4a8
the file is not a PEM file.
client handshake start.
client handshake ok!
client's data invalid protocol
Error: SSL error 3


Does anyone have an example of working client certificate authentication? I'm using SDK 1.5.1 if it makes any difference...

I also tried 1.5.2 and it didn't help. I note that the log message complains about the objects not being in PEM format. However, the example code from Espressif uses the DER format. Also the DER format works for server certificate verification.

Philip

Statistics: Posted by philip — Sun Mar 06, 2016 11:45 am
2016-01-21T14:43:18+08:00 2016-01-21T14:43:18+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1425&p=5467#p5467 <![CDATA[Re: Does the SDK support client SSL connections to a server with a wildcard certificate?]]>
Were you ever able to connect to the AWS server?
I am struggling mightily with connecting (see post viewtopic.php?f=7&t=1639).
I get the same output as you "load request certificate" but also "the file is not a PEM file".

If you ever managed to connect to the Amazon server: could you please describe how you created the certificates (I usually don't need any intermediate certificates when using mosquitto), and what you changed in the code to make the ESP finally talk to the server?

Thanks

Statistics: Posted by Deadolus — Thu Jan 21, 2016 2:43 pm
2015-11-24T13:26:32+08:00 2015-11-24T13:26:32+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1425&p=4737#p4737 <![CDATA[Re: Does the SDK support client SSL connections to a server with a wildcard certificate?]]> Statistics: Posted by tomn46037 — Tue Nov 24, 2015 1:26 pm
2015-11-24T11:19:23+08:00 2015-11-24T11:19:23+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1425&p=4734#p4734 <![CDATA[Re: Does the SDK support client SSL connections to a server with a wildcard certificate?]]>
esp_ca_cert.bin corresponds to the API espconn_secure_ca_enable.

esp_cert_private_key.bin corresponds to the API espconn_secure_cert_req_enable.

It seems that you missed the esp_cert_private_key.bin.

Download documentation about SSL

Statistics: Posted by ESP_Faye — Tue Nov 24, 2015 11:19 am
2015-11-23T03:06:17+08:00 2015-11-23T03:06:17+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1425&p=4709#p4709 <![CDATA[Does the SDK support client SSL connections to a server with a wildcard certificate?]]>
espconn_secure_cert_req_enable( 0x01, 0x3C);

I'm getting the following when I try to connect:

TCP: Connect to domain A3CDU03RA86AJ8.iot.us-west-2.amazonaws.com:8883
DNS: found ip 52.10.37.3
TCP: connecting...
Please load request certificate

The only other thing I can think of is that the SDK doesn't yet support wildcard certificates? This post (https://github.com/esp8266/Arduino/issues/43) seems to suggest that it may not be there yet, and I'd like to verify before I spend too much time.

Statistics: Posted by tomn46037 — Mon Nov 23, 2015 3:06 am
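
Added example, not part of the original thread and not Espressif SDK code: a conservative wildcard name check of the kind a TLS client applies when a server presents a wildcard certificate, useful for testing a host name against the names in a certificate on a workstation. The function names and the wildcard name `*.iot.us-west-2.amazonaws.com` are assumptions made for illustration; the thread does not show the names in the server's certificate or how the SDK matches them.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two ASCII DNS names. */
static int dns_eq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/*
 * Return 1 if certificate name `pattern` covers `host`, else 0.
 * Conservative reading of RFC 6125: a wildcard is accepted only as the
 * whole leftmost label ("*.example.com"), it stands for exactly one
 * non-empty label, and at least two labels must follow it.
 */
int cert_name_matches(const char *pattern, const char *host)
{
    const char *pat_rest, *host_rest;

    if (pattern == NULL || host == NULL || !*pattern || !*host)
        return 0;
    if (strchr(pattern, '*') == NULL)
        return dns_eq(pattern, host);        /* plain name: exact match */
    if (pattern[0] != '*' || pattern[1] != '.')
        return 0;                            /* "a*.x.y" and "*x.y" rejected */
    pat_rest = pattern + 2;
    if (strchr(pat_rest, '*') != NULL)
        return 0;                            /* only one wildcard allowed */
    if (strchr(pat_rest, '.') == NULL)
        return 0;                            /* "*.com" is too broad */
    host_rest = strchr(host, '.');
    if (host_rest == NULL || host_rest == host)
        return 0;                            /* host needs a first label */
    return dns_eq(pat_rest, host_rest + 1);  /* remaining labels must be equal */
}

int main(void)
{
    /* Host name from the thread; the wildcard name is an assumed example. */
    const char *host = "A3CDU03RA86AJ8.iot.us-west-2.amazonaws.com";
    printf("%d\n", cert_name_matches("*.iot.us-west-2.amazonaws.com", host));
    return 0;
}
```

A client that lacks this logic fails server certificate verification against a wildcard certificate even when the certificate chain itself is valid.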