Issue with SSL certificate

ShahinHaque
Posts: 17
Joined: Mon Oct 31, 2022 12:10 pm

Issue with SSL certificate

Postby ShahinHaque » Thu Jan 05, 2023 10:54 am

Hello,

I am trying to access a website that requires an SSL certificate but my ESP AT command call-back is an error.

The SSL is extension is .cer

Using (https://docs.espressif.com/projects/esp ... files.html)
I have converted this into the binary format

python AtPKI.py generate_bin -b ./ESP_CERT_FILE.bin cert SSL_CERT_FILE.cer

python AtPKI.py generate_bin -b ./ESP_CA_FILE.bin ca SSL_CERT_FILE.cer

Files have been generated successfully.

I have then uploaded the file to the ESP using the ESP32C3 FLASH DOWNLOAD TOOL V3.9.3 using the latest ESP32-C3-MINI-1_AT_Bin_V2.4.2.0 but replacing the client_ca file.

locations found in the download.config:

--flash_mode dio --flash_freq 40m --flash_size 4MB
0x8000 partition_table/partition-table.bin
0xd000 ota_data_initial.bin
0xf000 phy_multiple_init_data.bin
0x0 bootloader/bootloader.bin
0x60000 esp-at.bin
0x1e000 at_customize.bin
0x25000 customized_partitions/server_cert.bin
0x3a000 customized_partitions/mqtt_key.bin
0x27000 customized_partitions/server_key.bin
0x29000 customized_partitions/server_ca.bin
0x2f000 customized_partitions/client_ca.bin
0x31000 customized_partitions/factory_param.bin
0x1F000 customized_partitions/ble_data.bin
0x3c000 customized_partitions/mqtt_ca.bin
0x38000 customized_partitions/mqtt_cert.bin
0x2b000 customized_partitions/client_cert.bin
0x2d000 customized_partitions/client_key.bin

The response I get is:

+HTTPCLIENT:35,Date: Thu, 05 Jan 2023 10:42:23 GMT
<LF>+HTTPCLIENT:30,Content-Type: application/json
<LF>+HTTPCLIENT:17,Content-Length: 0
<LF>+HTTPCLIENT:22,Connection: keep-alive
<LF>+HTTPCLIENT:54,x-amzn-RequestId: bb2ea242-4235-460e-a1dd-f1be8f4a050e
<LF>+HTTPCLIENT:53,x-amzn-ErrorType: MissingAuthenticationTokenException
<LF>+HTTPCLIENT:32,x-amz-apigw-id: eQ9ufEGarPEFRwA=
<LF>
<LF>ERROR

The message on the site currently is {"message": "MissingAuthentication Token"} but what I am trying to do is remove the ERROR callback.

I have tried converting the certification into the client_cert file with corresponding address and have flashed that to the device, same issue.


Any help?
Last edited by ShahinHaque on Tue Jan 10, 2023 10:40 am, edited 1 time in total.

ESP_Sun
Posts: 326
Joined: Thu Dec 30, 2021 9:52 am

Re: Issue with SSL certificate

Postby ESP_Sun » Fri Jan 06, 2023 3:10 am

ShahinHaque wrote:
Thu Jan 05, 2023 10:54 am
Hello,

I am trying to access a website that requires an SSL certificate but my ESP AT command call-back is an error.

The SSL is extension is .cer

Using (https://docs.espressif.com/projects/esp ... files.html)
I have converted this into the binary format

python AtPKI.py generate_bin -b ./ESP_CERT_FILE.bin cert SSL_CERT_FILE.cer

python AtPKI.py generate_bin -b ./ESP_CA_FILE.bin ca SSL_CERT_FILE.cer

Files have been generated successfully.

I have then uploaded the file to the ESP using the ESP32C3 FLASH DOWNLOAD TOOL V3.9.3 using the latest ESP32-C3-MINI-1_AT_Bin_V2.4.2.0 but replacing the client_ca file.

locations found in the download.config:

--flash_mode dio --flash_freq 40m --flash_size 4MB
0x8000 partition_table/partition-table.bin
0xd000 ota_data_initial.bin
0xf000 phy_multiple_init_data.bin
0x0 bootloader/bootloader.bin
0x60000 esp-at.bin
0x1e000 at_customize.bin
0x25000 customized_partitions/server_cert.bin
0x3a000 customized_partitions/mqtt_key.bin
0x27000 customized_partitions/server_key.bin
0x29000 customized_partitions/server_ca.bin
0x2f000 customized_partitions/client_ca.bin
0x31000 customized_partitions/factory_param.bin
0x1F000 customized_partitions/ble_data.bin
0x3c000 customized_partitions/mqtt_ca.bin
0x38000 customized_partitions/mqtt_cert.bin
0x2b000 customized_partitions/client_cert.bin
0x2d000 customized_partitions/client_key.bin

The response I get is:

+HTTPCLIENT:35,Date: Thu, 05 Jan 2023 10:42:23 GMT
<LF>+HTTPCLIENT:30,Content-Type: application/json
<LF>+HTTPCLIENT:17,Content-Length: 0
<LF>+HTTPCLIENT:22,Connection: keep-alive
<LF>+HTTPCLIENT:54,x-amzn-RequestId: bb2ea242-4235-460e-a1dd-f1be8f4a050e
<LF>+HTTPCLIENT:53,x-amzn-ErrorType: MissingAuthenticationTokenException
<LF>+HTTPCLIENT:32,x-amz-apigw-id: eQ9ufEGarPEFRwA=
<LF>
<LF>ERROR

The message on the site currently is {"message": "MissingAuthentication Token"} but what I am trying to do is remove the ERROR callback.

I have tried converting the certification into the client_cert file with corresponding address and have flashed that to the device, same issue.


Any help?
Hi,

The SSL connection method corresponding to the HTTP_TRANSPORT_OVER_SSL parameters in the figure below does not verify the certificate. If the SSL website you want to connect to requires one-way or two-way authentication, you may need to customize the AT command to complete this function.

Please refer to the documentation for how to customize AT commands: https://docs.espressif.com/projects/esp ... mands.html

Maybe you can learn about the AT+CIPSTART command to create a two-way authenticated SSL connection, and then send a delete request through the AT+CIPSEND command. Of course, this is just a guess, and I hope it can help you.
ESP32 as an SSL client to create a single connection with mutual authentication:https://docs.espressif.com/projects/esp ... entication
企业微信截图_16729737848116.png
企业微信截图_16729737848116.png (55.78 KiB) Viewed 2944 times

Who is online

Users browsing this forum: No registered users and 54 guests