ESP8266 Developer Zone The Official ESP8266 Forum 2016-10-06T01:15:42+08:00 https://bbs.espressif.com:443/feed.php?f=7&t=1959 2016-10-06T01:15:42+08:00 2016-10-06T01:15:42+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=10060#p10060 <![CDATA[Re: client SSL connection/certs]]> Much happier with it, and it actually works with the TLS version & Ciphers that I needed to support.
BTW - This also goes for the espconn abstraction that is provided. Use LWIP directly - Much more control.

Narayan

Statistics: Posted by narayan — Thu Oct 06, 2016 1:15 am

]]> 2016-09-14T15:33:23+08:00 2016-09-14T15:33:23+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=9825#p9825 <![CDATA[Re: client SSL connection/certs]]>
This is to help others who are stuck in a similar problem as us.

Earlier, we were using 0x3b for storing the ca_cert binary file and 0x3a for storing the private_key bin file. It turns out that in our setup, we had to use 0x3e for storing the private_key bin file. So in case you are facing a similar problem, check the available memory address space with your version of ESP8266 and try other possible memory locations.

Thanks!

Statistics: Posted by sslpia — Wed Sep 14, 2016 3:33 pm

]]> 2016-07-15T21:14:25+08:00 2016-07-15T21:14:25+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=7980#p7980 <![CDATA[Re: client SSL connection/certs]]>
I was able to find the demo project files at http://bbs.espressif.com/download/file.php?id=1292, and able to proceed ahead with getting the espconn_secure_ca_enable(ESPCONN_CLIENT, 0x3B) and espconn_secure_cert_req_enable(ESPCONN_CLIENT, 0x3A) separately, i.e. when only espconn_secure_ca_enable() is called or only espconn_secure_cert_req_enable() is called. But when I enable both the functions, the ESP 8266 is failing to connect to MQTT Broker giving the same error as before:

Code:

Please load authenticate certificate


This may mean that it is not able to find the "esp_ca_cert.bin" file. Can someone help me out?

Thanks,
Kantesh

Statistics: Posted by sslpia — Fri Jul 15, 2016 9:14 pm

]]> 2016-07-14T22:35:32+08:00 2016-07-14T22:35:32+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=7964#p7964 <![CDATA[Re: client SSL connection/certs]]>
Could you please share the 'TLS_BiDirectVerif_Demo.zip' TLS Bi Directional Verification Demo example file as I am not able to find it anywhere.

I am getting the below error:
"

Code:

Please load authenticate certificate
"

Thanks,
Kantesh

Statistics: Posted by sslpia — Thu Jul 14, 2016 10:35 pm

]]> 2016-04-06T10:43:59+08:00 2016-04-06T10:43:59+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=6356#p6356 <![CDATA[Re: client SSL connection/certs]]>
"the file is not a PEM file", in your case, it is a DER file, so it is not a PEM file. This is not a problem, we can also support DER file.

Sorry for the misunderstanding, we will revise this log.

Statistics: Posted by ESP_Faye — Wed Apr 06, 2016 10:43 am

]]> 2016-03-30T06:04:59+08:00 2016-03-30T06:04:59+08:00 https://bbs.espressif.com:443/viewtopic.php?t=1959&p=6254#p6254 <![CDATA[client SSL connection/certs]]> The I have generated private certificate and key for the device ( DER format and created the esp_cert_private_key.bin)
I used the make_cert.py tool (in the client-cert folder of the TLS_BiDirectVerif_Demo.zip) to
generate the ".bin" file - which I flashed into sector 2 of the flash (offset 8192).
The CA is private (self generated), and the cert is signed using this CA Key

Before using the espconn_secure_connect (), I use:
espconn_secure_set_size ()
espconn_secure_cert_req_enable (2) /* the private_key.bin file is in flash sector 2 <offset 8192> */
espconn_secure_connect ()

I get messages:
private_key: 260
certificate: 20e
the file is not a PEM file

However I see in the examples that was provided that you use DER outfor for the certificates.
Please help

Thanks

narayan

Statistics: Posted by narayan — Wed Mar 30, 2016 6:04 am

]]>