Hello, I am in the process of creating a configuration utility to create and save AWS IoT (MQTT) certificates to the ESP32's NVS storage partition on initial flashing, and then the ESP32 OTA updates itself to my latest production firmware afterwards. I've succeeded at saving the Public (testPubKey) and Private (testPriKey) keys to NVS Strings (tried both plain, AKA no newline ("\n") character, and including the generated newline ("\n") character directly from IoT Core). I AM able to read the key Strings back and print them to the serial monitor in the OTA-uploaded firmware.
The problem happens when I try to:
Code:
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());
Code:
[LOG]Connecting to AWS IOT
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():167]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -8576
The other lines that grab the keys from NVS:
Code:
// Configure WiFiClientSecure to use the AWS IoT device credentials
String thingName = NVS.getString("thingName");
String testPubKey = NVS.getString("PublicKey");
String testPriKey = NVS.getString("PrivateKey");
net.setCACert(AWS_CERT_CA);
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());
Important libraries included:
Code:
#include <Arduino.h>
#include <WiFiClientSecure.h>
#include <MQTTClient.h>
#include <ArduinoJson.h>
#include "WiFi.h"
#include "ArduinoNvs.h"
ESP32-WROOM-32 module
Certs are generated by an IoT Core provisioning template, and sent to device over MQTT (using hardcoded configuration certificate)
Thank you in advance for any resources you might have!
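
Added example, not part of the original post: a check that can be run on the strings read back from NVS before they are passed to `setCertificate()` / `setPrivateKey()`, to see whether the PEM line structure survived the MQTT-to-NVS path (the post mentions trying both with and without "\n"). `checkPem`, `unescapeNewlines` and `PemCheck` are hypothetical names, the sample PEM is constructed, and `std::string` is used instead of Arduino `String` so the code also runs off-device.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

// Hypothetical helpers for illustration; not from the post or any ESP32 library.
enum class PemCheck { Ok, Empty, EscapedNewlines, NoBeginMarker, NoEndMarker,
                      MissingNewlines, BadBodyChar };

// Classify a PEM string as read back from storage, before the TLS stack sees it.
PemCheck checkPem(const std::string& pem) {
    if (pem.empty()) return PemCheck::Empty;
    // Backslash followed by 'n' as two characters: an escape was stored verbatim.
    if (pem.find("\\n") != std::string::npos) return PemCheck::EscapedNewlines;
    size_t begin = pem.find("-----BEGIN ");
    if (begin == std::string::npos) return PemCheck::NoBeginMarker;
    size_t headerEnd = pem.find("-----", begin + 11);  // dashes closing the header
    if (headerEnd == std::string::npos) return PemCheck::NoBeginMarker;
    headerEnd += 5;
    size_t end = pem.find("-----END ", headerEnd);
    if (end == std::string::npos) return PemCheck::NoEndMarker;
    // The header line has to be terminated by a real line break.
    if (pem[headerEnd] != '\n' && pem[headerEnd] != '\r') return PemCheck::MissingNewlines;
    // Between the markers, accept only base64 characters, '=' padding and CR/LF.
    for (size_t i = headerEnd; i < end; ++i) {
        unsigned char c = static_cast<unsigned char>(pem[i]);
        bool ok = std::isalnum(c) || c == '+' || c == '/' || c == '=' ||
                  c == '\n' || c == '\r';
        if (!ok) return PemCheck::BadBodyChar;
    }
    return PemCheck::Ok;
}

// Convert literal backslash-n pairs into real line feeds.
std::string unescapeNewlines(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '\\' && i + 1 < in.size() && in[i + 1] == 'n') { out += '\n'; ++i; }
        else out += in[i];
    }
    return out;
}

int main() {
    // Constructed sample with escaped newlines; the body is not a real certificate.
    std::string stored = "-----BEGIN CERTIFICATE-----\\nQUJDREVGRw==\\n-----END CERTIFICATE-----\\n";
    std::printf("as stored: %d\n", static_cast<int>(checkPem(stored)));
    std::printf("unescaped: %d\n", static_cast<int>(checkPem(unescapeNewlines(stored))));
    return 0;
}
```

This only checks the text framing; it does not verify that the base64 body decodes to a valid certificate or key.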