client SSL connection/certs
Post by narayan » Wed Mar 30, 2016 6:04 am
I have generated a private certificate and key for the device (DER format) and created the esp_cert_private_key.bin.
I used the make_cert.py tool (in the client-cert folder of the TLS_BiDirectVerif_Demo.zip) to
generate the ".bin" file - which I flashed into sector 2 of the flash (offset 8192).
The CA is private (self generated), and the cert is signed using this CA key.
Before using the espconn_secure_connect (), I use:
espconn_secure_set_size ()
espconn_secure_cert_req_enable (2) /* the private_key.bin file is in flash sector 2 <offset 8192> */
espconn_secure_connect ()
I get messages:
private_key: 260
certificate: 20e
the file is not a PEM file
However, I see in the examples that were provided that you use DER outform for the certificates.
Please help
Thanks
narayan
Re: client SSL connection/certs
Post by ESP_Faye » Wed Apr 06, 2016 10:43 am
"the file is not a PEM file": in your case, it is a DER file, so it is not a PEM file. This is not a problem; we can also support DER files.
Sorry for the misunderstanding, we will revise this log.
Re: client SSL connection/certs
Post by sslpia » Thu Jul 14, 2016 10:35 pm
Could you please share the 'TLS_BiDirectVerif_Demo.zip' TLS Bi-Directional Verification Demo example file, as I am not able to find it anywhere?
I am getting the below error:
Please load authenticate certificate
Thanks,
Kantesh
Re: client SSL connection/certs
Post by sslpia » Fri Jul 15, 2016 9:14 pm
I was able to find the demo project files at http://bbs.espressif.com/download/file.php?id=1292, and able to proceed ahead with getting the espconn_secure_ca_enable(ESPCONN_CLIENT, 0x3B) and espconn_secure_cert_req_enable(ESPCONN_CLIENT, 0x3A) separately, i.e. when only espconn_secure_ca_enable() is called or only espconn_secure_cert_req_enable() is called. But when I enable both the functions, the ESP 8266 is failing to connect to MQTT Broker giving the same error as before:
Please load authenticate certificate
This may mean that it is not able to find the "esp_ca_cert.bin" file. Can someone help me out?
Thanks,
Kantesh
Re: client SSL connection/certs
Post by sslpia » Wed Sep 14, 2016 3:33 pm
This is to help others who are stuck in a similar problem as us.
Earlier, we were using 0x3b for storing the ca_cert binary file and 0x3a for storing the private_key bin file. It turns out that in our setup, we had to use 0x3e for storing the private_key bin file. So in case you are facing a similar problem, check the available memory address space with your version of ESP8266 and try other possible memory locations.
Thanks!
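Added example, not part of any post above and not code from the SDK or the demo project: a host-side check to run on the certificate and key files before packaging and flashing them. It tells DER from PEM (the distinction behind the "the file is not a PEM file" log) and converts a sector number such as 0x3B or 0x3E into a byte offset. The 4096-byte sector size is an assumption taken from "sector 2 ... offset 8192" in the first post, all function names are hypothetical, and the check applies to the raw DER/PEM inputs, not to the packaged ".bin" file.

```python
# Added example: host-side pre-flash check, not code from the thread or the SDK.
import base64

SECTOR_SIZE = 4096  # assumption, matches the thread: sector 2 <-> offset 8192


def sector_to_offset(sector):
    """Byte offset for a sector number such as 0x3B or 0x3E."""
    return sector * SECTOR_SIZE


def der_total_length(blob):
    """Total encoded size of a top-level DER SEQUENCE, or None if not one."""
    if len(blob) < 2 or blob[0] != 0x30:      # 0x30 = SEQUENCE tag
        return None
    first = blob[1]
    if first < 0x80:                          # short-form length
        return 2 + first
    n = first & 0x7F                          # long form: n length bytes follow
    if n == 0 or n > 4 or len(blob) < 2 + n:  # indefinite length is not DER
        return None
    return 2 + n + int.from_bytes(blob[2:2 + n], "big")


def classify(blob):
    """Return 'PEM', 'DER', 'DER-truncated', 'DER+trailing' or 'unknown'."""
    if blob.lstrip().startswith(b"-----BEGIN "):
        return "PEM"
    total = der_total_length(blob)
    if total is None:
        return "unknown"
    if total == len(blob):
        return "DER"
    return "DER-truncated" if total > len(blob) else "DER+trailing"


# Constructed sample: a SEQUENCE header followed by 256 filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM),
                       ("cut", SAMPLE_DER[:100]), ("junk", b"\xff" * 16)]:
        print(name, classify(blob))
    for sector in (2, 0x3A, 0x3B, 0x3E):
        print(hex(sector), hex(sector_to_offset(sector)))
```

A "DER-truncated" or "DER+trailing" result means the file size disagrees with the length encoded in its own header, which is worth resolving before the file goes into flash.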
Re: client SSL connection/certs
Post by narayan » Thu Oct 06, 2016 1:15 am
Much happier with it, and it actually works with the TLS version & Ciphers that I needed to support.
BTW - This also goes for the espconn abstraction that is provided. Use LWIP directly - Much more control.
Narayan