mqtt ssl example certificate error

ESP-Marius
Posts: 74
Joined: Wed Oct 23, 2019 1:49 am

Re: mqtt ssl example certificate error

Postby ESP-Marius » Mon May 18, 2020 2:47 am

DEsp3286 wrote:
Fri May 15, 2020 11:47 am
What do you mean? Did you get the same error?

Code: Select all

failed to verify peer certificate
verification info: ! the certificate is not correctly signed by the trusted CA
No, connecting to mqtts://test.mosquitto.org:8883, with the certificate from https://test.mosquitto.org/ssl/mosquitto.org.crt I get

Code: Select all

verification info:   ! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
, after applying the fix for this mentioned in the github issue I linked to earlier I can connect without errors.

Are you sure you have replaced the old certificate? If you are still trying to connect with that then it would explain the error you get.

DEsp3286
Posts: 13
Joined: Sat Sep 29, 2018 11:30 am

Re: mqtt ssl example certificate error

Postby DEsp3286 » Mon May 18, 2020 9:19 am

I copied / paste only the certificate without renaming any item in the mqtt/ssl example and now I got the same error:

Code: Select all

verification info:   ! The certificate is signed with an unacceptable key (eg bad curve, RSA too short).
So probably I did something wrong before this.

How did you fix this? Did you modify something on MBED library?

ESP-Marius
Posts: 74
Joined: Wed Oct 23, 2019 1:49 am

Re: mqtt ssl example certificate error

Postby ESP-Marius » Mon May 18, 2020 10:56 am

I set

Code: Select all

rsa_min_bitlen
in mbedtls_x509_crt_profile_default in x509_crt.c line 110 to 1024 and enabled

Code: Select all

#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
in mbedtls/config.h line 3273.

I only recommend doing this for testing though, as these are considered weak/insecure configurations.

DEsp3286
Posts: 13
Joined: Sat Sep 29, 2018 11:30 am

Re: mqtt ssl example certificate error

Postby DEsp3286 » Tue May 19, 2020 8:26 am

Thanks for help!

Who is online

Users browsing this forum: ESP_Sprite and 301 guests