Does the SDK support client SSL connections to a server with a wildcard certificate?
Postby tomn46037 » Mon Nov 23, 2015 3:06 am
I'm trying to get an SSL connection working to a server with a wildcard SSL certificate. I'm pretty sure I've got everything set up correctly: I've placed the root and intermediate certificates into a file with the make_cacert.py file and then downloaded that to my ESP8266 at 0x3C000 with "/home/tomn/development/esp8266/esp-open-sdk/esptool/esptool.py -p /dev/ttyAMA0 write_flash 0x3C000 ssl_server/esp_ca_cert.bin". I then added the following to my code:
espconn_secure_cert_req_enable( 0x01, 0x3C);
I'm getting the following when I try to connect:
TCP: Connect to domain A3CDU03RA86AJ8.iot.us-west-2.amazonaws.com:8883
DNS: found ip 52.10.37.3
TCP: connecting...
Please load request certificate
The only other thing I can think of is that the SDK doesn't yet support wildcard certificates? This post (https://github.com/esp8266/Arduino/issues/43) seems to suggest that it may not be there yet, and I'd like to verify before I spend too much time.
Re: Does the SDK support client SSL connections to a server with a wildcard certificate?
Postby ESP_Faye » Tue Nov 24, 2015 11:19 am
Hi,
esp_ca_cert.bin corresponds to the API espconn_secure_ca_enable.
esp_cert_private_key.bin corresponds to the API espconn_secure_cert_req_enable.
It seems that you missed the esp_cert_private_key.bin.
Download documentation about SSL
Re: Does the SDK support client SSL connections to a server with a wildcard certificate?
Postby Deadolus » Thu Jan 21, 2016 2:43 pm
Hi tomn46037,
were you ever able to connect to the AWS server?
I am struggling mightily with connecting (see post viewtopic.php?f=7&t=1639).
I get the same output as you "load request certificate" but also "the file is not a PEM file".
If you ever managed to connect to the Amazon server, could you please describe how you created the certificates (I usually don't need any intermediate certificates when using mosquitto), and what you changed in the code to make the ESP finally talk to the server?
Thanks
Re: Does the SDK support client SSL connections to a server with a wildcard certificate?
Postby philip » Sun Mar 06, 2016 11:45 am
I get:
certificate 7cd
the file is not a PEM file.
rsa private key 4a8
certificate 2ee
Please load request certificate
I am trying to do both client certificate authentication and server certificate verification. I think that the first line starting with "certificate" is the fact that the server certificate has been found. The rsa private key has been found and the client certificate has been found. I guess it is possible that I have the wrong names for these objects (I used certificate and rsa private key).
Actually it seemed that I had the key and the cert in the wrong order. It works better with them swapped over.
It still doesn't work -- even if I disable server certificate verification.
certificate 2ee
rsa private key 4a8
the file is not a PEM file.
client handshake start.
client handshake ok!
client's data invalid protocol
Error: SSL error 3
Does anyone have an example of working client certificate authentication? I'm using SDK 1.5.1 if it makes any difference...
I also tried 1.5.2 and it didn't help. I note that the log message complains about the objects not being in PEM format. However, the example code from Espressif uses the DER format. Also, the DER format works for server certificate verification.
Philip
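A host-side check for the two mix-ups described in the post above (PEM versus DER, and key versus certificate order), run on each input file before it is packed and flashed. This is an added example, not code from the thread or from the Espressif SDK; the function names and the sample bytes are constructed for illustration, and it makes no claim about which encoding the SDK expects.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, pos, pos + length

def classify_der(der):
    tag, start, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    first_tag, _, first_end = read_tlv(der, start)
    if first_tag == 0x30:                 # X.509 begins with the tbsCertificate SEQUENCE
        return "certificate"
    if first_tag == 0x02:                 # private keys begin with INTEGER version
        second_tag = read_tlv(der, first_end)[0]
        if second_tag == 0x02:            # PKCS#1: version, then modulus INTEGER
            return "rsa private key (PKCS#1)"
        if second_tag == 0x30:            # PKCS#8: version, then AlgorithmIdentifier
            return "private key (PKCS#8)"
    raise ValueError("unrecognised structure")

def inspect_blob(blob):                   # returns (encoding, kind)
    m = PEM_RE.search(blob)
    if m:
        return "PEM", classify_der(base64.b64decode(m.group(2)))
    return "DER", classify_der(blob)

# Constructed minimal samples (structure only, not real key material).
CERT_DER = bytes.fromhex("300a30030201013000030100")
KEY_DER = bytes.fromhex("3006020100020105")
KEY_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(KEY_DER)
           + b"\n-----END RSA PRIVATE KEY-----\n")
```

Call `inspect_blob(open(path, "rb").read())` on each file; it only looks at the outer ASN.1 shape, so it distinguishes the object types but does not validate the certificate or key.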