Reading WiFiClientSecure certs from NVS gives error
Posted: Mon Sep 14, 2020 9:58 pm
I moved this topic from the ESP32 Arduino to ESP32 IDF because I believe the certificate handler is IDF not Arduino specific:
Hello, I am in the process of creating a configuration utility to create and save AWS IoT (MQTT) certificates to the ESP32's NVS storage partition on initial flashing, and then the ESP32 OTA updates itself to my latest production firmware afterwards. I've succeeded at saving the Public (testPubKey) and Private (testPriKey) keys to NVS Strings (tried both plain AKA no newline ("\n") character, and including the generated newline ("\n") character directly from IoT Core). I AM able to read the key Strings back, and print them to serial monitor in the OTA uploaded firmware.

The problem happens when I try to:
Code:
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());

The error I receive in serial monitor after upload is:
Code:
[LOG]Connecting to AWS IOT
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():167]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -8576

Does anyone have any idea why this is happening, or how to translate the certificate String to something other than a char array that I thought the SSL function accepts?

The other lines that grab the keys from NVS:
Code:
// Configure WiFiClientSecure to use the AWS IoT device credentials
String thingName = NVS.getString("thingName");
String testPubKey = NVS.getString("PublicKey");
String testPriKey = NVS.getString("PrivateKey");
net.setCACert(AWS_CERT_CA);
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());

The only other pieces of info I can think to include:
Important libraries included:
Code:
#include <Arduino.h>
#include <WiFiClientSecure.h>
#include <MQTTClient.h>
#include <ArduinoJson.h>
#include "WiFi.h"
#include "ArduinoNvs.h"

Platform.IO IDE, running on 2.0.1
ESP32-WROOM-32 module
Certs are generated by an IoT Core provisioning template, and sent to device over MQTT (using hardcoded configuration certificate)
Thank you in advance for any resources you might have!
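
An added example, not part of the original post or of the WiFiClientSecure library: a framing pre-check for a PEM string read back from NVS, meant to run before the string is passed to setCertificate() or setPrivateKey(). It flags a block whose label is not the expected one (for instance PUBLIC KEY where CERTIFICATE is expected) and one whose line breaks were dropped or stored as a literal backslash-n; `checkPem`, `PemStatus` and the sample strings are hypothetical names and constructed data.

```cpp
#include <cctype>
#include <cstdio>
#include <string>

enum class PemStatus { Ok, NoHeader, WrongLabel, NoNewlineAfterHeader, NoFooter, BadBody };

// Hypothetical helper: is `pem` one PEM block labelled `expected`
// ("CERTIFICATE" for setCertificate, a private-key label for setPrivateKey)?
PemStatus checkPem(const std::string &pem, const std::string &expected) {
    const std::string begin = "-----BEGIN ", dashes = "-----";
    size_t b = pem.find(begin);
    if (b == std::string::npos) return PemStatus::NoHeader;
    size_t labelStart = b + begin.size();
    size_t labelEnd = pem.find(dashes, labelStart);
    if (labelEnd == std::string::npos) return PemStatus::NoHeader;
    const std::string label = pem.substr(labelStart, labelEnd - labelStart);
    if (label != expected) return PemStatus::WrongLabel;
    // The header must sit on its own line: a real CR/LF, not a backslash followed by 'n'.
    size_t body = labelEnd + dashes.size();
    if (body < pem.size() && pem[body] == '\r') ++body;
    if (body >= pem.size() || pem[body] != '\n') return PemStatus::NoNewlineAfterHeader;
    ++body;
    size_t footer = pem.find("-----END " + label + dashes, body);
    if (footer == std::string::npos) return PemStatus::NoFooter;
    size_t n = 0;  // count of base64 characters between header and footer
    for (size_t i = body; i < footer; ++i) {
        unsigned char c = static_cast<unsigned char>(pem[i]);
        if (c == '\r' || c == '\n') continue;
        if (!std::isalnum(c) && c != '+' && c != '/' && c != '=') return PemStatus::BadBody;
        ++n;
    }
    return (n > 0 && n % 4 == 0) ? PemStatus::Ok : PemStatus::BadBody;
}

// Constructed samples (placeholder base64, not real credentials).
const std::string kGood = "-----BEGIN CERTIFICATE-----\nQUJDREVGR0g=\n-----END CERTIFICATE-----\n";
const std::string kFlattened = "-----BEGIN CERTIFICATE-----QUJDREVGR0g=-----END CERTIFICATE-----";
const std::string kEscaped = "-----BEGIN CERTIFICATE-----\\nQUJDREVGR0g=\\n-----END CERTIFICATE-----";
const std::string kPubKey = "-----BEGIN PUBLIC KEY-----\nQUJDREVGR0g=\n-----END PUBLIC KEY-----\n";

int main() {
    const std::string *samples[] = {&kGood, &kFlattened, &kEscaped, &kPubKey};
    for (const std::string *s : samples)  // prints the PemStatus value for each sample
        std::printf("%d\n", static_cast<int>(checkPem(*s, "CERTIFICATE")));
    return 0;
}
```

On the device, the same function can take `std::string(testPubKey.c_str())` and log the status to serial before the TLS connection is attempted.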