mqtt connection problem with Azure

[JOsh_11]

Hi,

I want to connect to Azure IoTHub using the mqtt5 example from ESP_IDF. I tested it with a python script and I was able to send data to it. However, on the esp32s3 I get the following error:

error-output.PNG (29.12 KiB) Viewed 1035 times

After searching the web, I found that the problem is with the server authentication. Basically, I would need a CA certificate to verify that I am connecting to the correct server. One way to disable this is to add the following flags to sdkconfig.ci, viewtopic.php?t=19198:

sdkconnfig_ci.PNG (17.69 KiB) Viewed 1035 times

However, after doing this I still get the problem. What am I doing wrong?
Are my assumptions correct?

SDK: ES-IDF esp32s3, Windows

Thanks for the help!!!

[nopnop2002]

>Basically, I would need a CA certificate to verify that I am connecting to the correct server.


PEM certificate could be extracted from an openssl s_client

There are many examples of extracting PEM certificates in the official esp-idf example.

Code: Select all

$ cd esp-idf/examples/protocols
$ grep -rn "openssl s_client" *
esp_http_client/main/esp_http_client_example.c:38:   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
https_request/main/https_request_example_main.c:75:   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
mqtt/ssl/README.md:27:echo "" | openssl s_client -showcerts -connect mqtt.eclipseprojects.io:8883 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >mqtt_eclipse_org.pem
mqtt/wss/README.md:28:echo "" | openssl s_client -showcerts -connect mqtt.eclipseprojects.io:443 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >mqtt_eclipse_org.pem
smtp_client/main/smtp_client_example_main.c:58: * openssl s_client -showcerts -connect smtp.googlemail.com:587 -starttls smtp

Import the obtained CA certificate using this.

https://github.com/espressif/esp-idf/bl ... ts.txt#L11

Using CA certificate.

https://github.com/espressif/esp-idf/bl ... ain.c#L129

[GFeonix]

>Basically, I would need a CA certificate to verify that I am connecting to the correct server.


PEM certificate could be extracted from an openssl s_client

There are many examples of extracting PEM certificates in the official esp-idf example.

Code: Select all

$ cd esp-idf/examples/protocols
$ grep -rn "openssl s_client" *
esp_http_client/main/esp_http_client_example.c:38:   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
https_request/main/https_request_example_main.c:75:   openssl s_client -showcerts -connect www.howsmyssl.com:443 </dev/null
mqtt/ssl/README.md:27:echo "" | openssl s_client -showcerts -connect mqtt.eclipseprojects.io:8883 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >mqtt_eclipse_org.pem
mqtt/wss/README.md:28:echo "" | openssl s_client -showcerts -connect mqtt.eclipseprojects.io:443 | sed -n "1,/Root/d; /BEGIN/,/END/p" | openssl x509 -outform PEM >mqtt_eclipse_org.pem
smtp_client/main/smtp_client_example_main.c:58: * openssl s_client -showcerts -connect smtp.googlemail.com:587 -starttls smtp

Import the obtained CA certificate using this.

https://github.com/espressif/esp-idf/bl ... ts.txt#L11

Using CA certificate.

https://github.com/espressif/esp-idf/bl ... ain.c#L129

Hi, I have the problem of how to upgrade the CA certificate by esp itself, and how long should I upgrade it? Could you help?

[nopnop2002]

esp-idf does not provide a way to upgrade the CA certificate.