How to test Certifications on ESP32C3 AT

ShahinHaque
Posts: 17
Joined: Mon Oct 31, 2022 12:10 pm

How to test Certifications on ESP32C3 AT

Postby ShahinHaque » Fri Jan 06, 2023 12:36 pm

Let's say I have a site that requires a certificate, I can import that certificate to the ESP32C3 via ESP FLASH DOWNLOAD TOOL to its respective memory locations. Is there a function that can check if the certificate is valid?

ESP_Sun
Posts: 320
Joined: Thu Dec 30, 2021 9:52 am

Re: How to test Certifications on ESP32C3 AT

Postby ESP_Sun » Mon Jan 09, 2023 2:43 am

ShahinHaque wrote:
Fri Jan 06, 2023 12:36 pm
Let's say I have a site that requires a certificate, I can import that certificate to the ESP32C3 via ESP FLASH DOWNLOAD TOOL to its respective memory locations. Is there a function that can check if the certificate is valid?
Hi,

Maybe you can try to create an SSL connection using openssl. First verify that your certificate is valid. If you can use the certificate to create an SSL connection using openssl normally, your certificate should be valid. Therefore, you can refer to this example (https://docs.espressif.com/projects/esp ... entication) and use the AT command to try to create an SSL connection to see if the connection can be created successfully.

ShahinHaque
Posts: 17
Joined: Mon Oct 31, 2022 12:10 pm

Re: How to test Certifications on ESP32C3 AT

Postby ShahinHaque » Mon Jan 09, 2023 3:16 pm

openssl s_client -connect website_name.com:443 -CAfile C:\Users\Shahin.Haque\Downloads\Root_CA_B64.cer


..
SSL handshake has read 2745 bytes and written 453 bytes
Verification: OK
..
..
..
Timeout   : 7200 (sec)
Verify return code: 0 (ok)
vs

openssl s_client -connect website_name.com:443


verify error:num=19:self-signed certificate in certificate chain
verify return:1
..
..
..
SSL handshake has read 2745 bytes and written 453 bytes
Verification error: self-signed certificate in certificate chain
..
..
..
Timeout   : 7200 (sec)
Verify return code: 19 (self-signed certificate in certificate chain)
..
..
..
Above caption from OPENSSL, this is what I expected. An error without the file and verified with.

Now that I have verified that this works, I no longer need OPENSSL, the rest should be able to be done on the ESP32C3.

Using:

/* AT CALLBACK */
AT+CIPSTART="SSL","website_name.com",443
I get

CONNECT
OK

/* ESP CALLBACK */
cert len=1164
set cert&key ok
ssl established

Which looks like it is working perfectly, however I get that reply with my cert as well as the esp cert, which should only work with my cert. Furthermore regardless of the date I get an OK response.

I have tried removing the key as well as making a fake key to see if it passes, but thankfully that fails.

/* AT CALLBACK */
ERROR

/* ESP CALLBACK */
cert len=0
ssl create 0 socket fail



Commands sent to the ESP

AT+RESTORE

AT+CWMODE=1

AT+CWJAP="wifi_name","wifi_password"

AT+CIPSNTPCFG=1,8,"cn.ntp.org.cn","ntp.sjtu.edu.cn"

AT+CIPSNTPTIME? (to check the date is set)

AT+CIPSSLCCONF=3,0,0 (Have also tried 1,0,0 & 2,0,0 arrangements)

AT+CIPSTART="SSL","website_name.com",443



Any ideas?

ShahinHaque
Posts: 17
Joined: Mon Oct 31, 2022 12:10 pm

Re: How to test Certifications on ESP32C3 AT

Postby ShahinHaque » Mon Jan 09, 2023 4:33 pm

I think I may be onto something, I have the CA file rather than the Cert+Key.

Am I correct in saying I need the CA or (CERT+KEY) but not both?
If so what command would I need to use to change it to CA?
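
An offline negative test for a CA file before it is flashed, as an added example that is not part of the original thread: it builds a throwaway PKI with openssl and checks that verification passes with the intended CA, fails with an unrelated CA, and fails outside the validity window. All file names and the CA names `root` and `other` are constructed; `website_name.com` is the thread's placeholder.

```shell
#!/bin/sh
# Added example: throwaway PKI, every name and file here is constructed.
set -e
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_ca NAME: self-signed CA certificate NAME.pem with key NAME.key
new_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# new_server_cert CA: server certificate srv.pem issued by CA, valid 30 days
new_server_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=website_name.com" \
        -keyout "$work/srv.key" -out "$work/srv.csr" 2>/dev/null
    openssl x509 -req -in "$work/srv.csr" -days 30 -CA "$work/$1.pem" \
        -CAkey "$work/$1.key" -CAcreateserial -out "$work/srv.pem" 2>/dev/null
}

# verify_with CA [openssl verify options]: prints "ok" or "fail"
verify_with() {
    ca="$work/$1.pem"; shift
    if openssl verify -CAfile "$ca" "$@" "$work/srv.pem" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

new_ca root
new_ca other
new_server_cert root
# A point in time 60 days after the 30-day certificates have expired
future=$(( $(date +%s) + 90 * 86400 ))

echo "intended CA:           $(verify_with root)"
echo "unrelated CA:          $(verify_with other)"
echo "intended CA, +90 days: $(verify_with root -attime "$future")"
```

The same three cases are what a connection test on the module has to reproduce: a successful connection alone does not show that the server certificate was checked.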
