Reading WiFiClientSecure certs from NVS gives error

amarotica
Posts: 11
Joined: Wed Jul 22, 2020 4:56 pm

Reading WiFiClientSecure certs from NVS gives error

Postby amarotica » Mon Sep 14, 2020 9:58 pm

I moved this topic from the ESP32 Arduino to ESP32 IDF because I believe the certificate handler is IDF not Arduino specific:

Hello, I am in the process of creating a configuration utility to create and save AWS IoT (MQTT) certificates to the ESP32's NVS storage partition on initial flashing, and then the ESP32 OTA updates itself to my latest production firmware afterwards. I've succeeded at saving the Public(testPubKey) and Private(testPriKey) keys to NVS Strings (tried both plain AKA no newline("\n") character, and including the generated newline("\n") character directly from IoT Core). I AM able to read the key Strings back, and print them to serial monitor in the OTA uploaded firmware.

The problem happens when I try to:

Code: Select all

net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());
The error I receive in serial monitor after upload is:

Code: Select all

[LOG]Connecting to AWS IOT
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():167]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -8576
Does anyone have any idea why this is happening, or how to translate the certificate String to something other than a char array that I thought the SSL function accepts?

The other lines that grab the keys from NVS:

Code: Select all

// Configure WiFiClientSecure to use the AWS IoT device credentials
    String thingName  = NVS.getString("thingName");
    String testPubKey = NVS.getString("PublicKey");
    String testPriKey = NVS.getString("PrivateKey");
    net.setCACert(AWS_CERT_CA);
    net.setCertificate(testPubKey.c_str());
    net.setPrivateKey(testPriKey.c_str());
The only other pieces of info I can think to include:
Important libraries included:

Code: Select all

#include <Arduino.h>
#include <WiFiClientSecure.h>
#include <MQTTClient.h>
#include <ArduinoJson.h>
#include "WiFi.h"
#include "ArduinoNvs.h"
Platform.IO IDE, running on 2.0.1
ESP32-WROOM-32 module
Certs are generated by an IoT Core provisioning template, and sent to device over MQTT (using hardcoded configuration certificate)

Thank you in advance for any resources you might have!

amarotica
Posts: 11
Joined: Wed Jul 22, 2020 4:56 pm

Re: Reading WiFiClientSecure certs from NVS gives error

Postby amarotica » Tue Oct 13, 2020 11:54 pm

Figured I should update this. Basically, we never got this working with NVS but we had someone create an "NVS" style library that uses SPIFFS in the background to make it happen.

Who is online

Users browsing this forum: No registered users and 234 guests