Reading WiFiClientSecure certs from NVS gives error.

amarotica
Posts: 11
Joined: Wed Jul 22, 2020 4:56 pm

Reading WiFiClientSecure certs from NVS gives error.

Postby amarotica » Sat Sep 12, 2020 7:51 pm

Hello, I am in the process of creating a configuration utility to create and save AWS IoT (MQTT) certificates to the ESP32's NVS storage partition on initial flashing, and then the ESP32 OTA updates itself to my latest production firmware afterwards. I've succeeded at saving the Public(testPubKey) and Private(testPriKey) keys to NVS Strings (tried both plain AKA no newline("\n") character, and including the generated newline("\n") character directly from IoT Core). I AM able to read the key Strings back, and print them to serial monitor in the OTA uploaded firmware.

The problem happens when I try to:

```cpp
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());
```
The error I receive in serial monitor after upload is:

```text
[LOG]Connecting to AWS IOT
[E][ssl_client.cpp:33] _handle_error(): [start_ssl_client():167]: (-8576) X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
[E][WiFiClientSecure.cpp:132] connect(): start_ssl_client: -8576
```
Does anyone have any idea why this is happening, or how to translate the certificate String to something other than a char array that I thought the SSL function accepts?

The other lines that grab the keys from NVS:

```cpp
// Configure WiFiClientSecure to use the AWS IoT device credentials
String thingName  = NVS.getString("thingName");
String testPubKey = NVS.getString("PublicKey");
String testPriKey = NVS.getString("PrivateKey");
net.setCACert(AWS_CERT_CA);
net.setCertificate(testPubKey.c_str());
net.setPrivateKey(testPriKey.c_str());
```
The only other pieces of info I can think to include:
Important libraries included:

```cpp
#include <Arduino.h>
#include <WiFiClientSecure.h>
#include <MQTTClient.h>
#include <ArduinoJson.h>
#include "WiFi.h"
#include "ArduinoNvs.h"
```
Platform.IO IDE, running on 2.0.1
ESP32-WROOM-32 module
Certs are generated by an IoT Core provisioning template, and sent to device over MQTT (using hardcoded configuration certificate)

Thank you in advance for any resources you might have!
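The mbedTLS error in the post, -8576 (0x2180), is MBEDTLS_ERR_X509_INVALID_FORMAT: the PEM text handed to the TLS stack could not be recognised as a certificate or key at all, which usually means the armor lines are missing or damaged, the line endings were mangled on the way through MQTT and NVS, or the buffer the client still points at is no longer valid when connect() runs (WiFiClientSecure::setCertificate() keeps the pointer it is given rather than copying the text, so a String that is local to the function dies before the handshake). The following is an added example, not code from the original post or from any of the libraries named above; it is plain C++ so it runs off-device, and the names normalize_pem, check_pem and the sample PEM strings are constructed for illustration. It shows the sanity check a device can run on credentials read back from NVS before calling setCertificate()/setPrivateKey(), so a bad blob is logged as such instead of surfacing later as a cryptic X509 error:

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Outcome of checking a PEM block before handing it to mbedTLS
// (which is what WiFiClientSecure::setCertificate / setPrivateKey end up calling).
enum class PemStatus { Ok, MissingBegin, MissingEnd, LabelMismatch, EmptyBody };

// Normalise a PEM blob read back from storage: drop CR characters (CRLF -> LF),
// trim surrounding whitespace and guarantee exactly one trailing newline after
// the END line, which the PEM parser expects. Returns "" for a blank input.
std::string normalize_pem(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 1);
    for (char c : in) {
        if (c != '\r') out.push_back(c);
    }
    const size_t b = out.find_first_not_of(" \t\n");
    if (b == std::string::npos) return "";
    const size_t e = out.find_last_not_of(" \t\n");
    out = out.substr(b, e - b + 1);
    out.push_back('\n');
    return out;
}

// Verify the armor lines carry the expected label ("CERTIFICATE",
// "RSA PRIVATE KEY", ...) and that there is a body between them. A certificate
// stored in the key slot, or vice versa, is caught here as LabelMismatch.
PemStatus check_pem(const std::string& pem, const std::string& label) {
    const std::string begin = "-----BEGIN " + label + "-----";
    const std::string end   = "-----END " + label + "-----";
    const size_t bpos = pem.find("-----BEGIN ");
    if (bpos == std::string::npos) return PemStatus::MissingBegin;
    const size_t epos = pem.find("-----END ");
    if (epos == std::string::npos) return PemStatus::MissingEnd;
    if (pem.compare(bpos, begin.size(), begin) != 0 ||
        pem.compare(epos, end.size(), end) != 0) return PemStatus::LabelMismatch;
    const size_t body_start = bpos + begin.size();
    if (epos <= body_start) return PemStatus::EmptyBody;
    const std::string body = pem.substr(body_start, epos - body_start);
    if (body.find_first_not_of(" \t\n") == std::string::npos) return PemStatus::EmptyBody;
    return PemStatus::Ok;
}

// mbedTLS parses PEM only when the buffer length includes the terminating NUL;
// this is the length to pass if you call mbedtls_x509_crt_parse() yourself.
size_t pem_buffer_len(const std::string& pem) { return pem.size() + 1; }

// Constructed sample inputs (not real credentials): a certificate as it might
// arrive with CRLF line endings, a key with a different label, and a blob that
// lost its armor lines somewhere between IoT Core and NVS.
const char* kSampleCert =
    "-----BEGIN CERTIFICATE-----\r\n"
    "MIIBsampleBase64PayloadNotARealCertificate==\r\n"
    "-----END CERTIFICATE-----\r\n";
const char* kSampleKey =
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "MIIEsampleBase64PayloadNotARealKey==\n"
    "-----END RSA PRIVATE KEY-----\n";
const char* kBodyOnly = "MIIBsampleBase64PayloadNotARealCertificate==\n";

int main() {
    // On the device the normalised text must live as long as the WiFiClientSecure
    // object, e.g. a static or global std::string/String, because the client only
    // stores the pointer:  static String cert = ...; net.setCertificate(cert.c_str());
    static std::string cert = normalize_pem(kSampleCert);
    static std::string key  = normalize_pem(kSampleKey);
    std::cout << "cert ok: " << (check_pem(cert, "CERTIFICATE") == PemStatus::Ok) << "\n";
    std::cout << "key ok:  " << (check_pem(key, "RSA PRIVATE KEY") == PemStatus::Ok) << "\n";
    std::cout << "armor lost: "
              << (check_pem(normalize_pem(kBodyOnly), "CERTIFICATE") == PemStatus::MissingBegin)
              << "\n";
    std::cout << "cert buffer length for mbedTLS: " << pem_buffer_len(cert) << "\n";
    return 0;
}
```

Printing the result of check_pem() right after NVS.getString() and again just before connect(), as chegewara suggests below for the raw text, separates a storage or transport corruption problem from a pointer-lifetime problem: if the first check passes and the second fails on the same bytes, the buffer was freed or reused in between.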

bobo1974
Posts: 26
Joined: Fri Feb 08, 2019 2:14 pm

Re: Reading WiFiClientSecure certs from NVS gives error.

Postby bobo1974 » Tue Jun 08, 2021 7:52 am

Hi Amarotica,
I am trying to do the same thing as you did.
I discovered the NVS part of what you did.
Did you succeed? Would you be so kind as to share your code? Thanks

chegewara
Posts: 2378
Joined: Wed Jun 14, 2017 9:00 pm

Re: Reading WiFiClientSecure certs from NVS gives error.

Postby chegewara » Tue Jun 08, 2021 11:35 am

I think it may be an issue in esp-idf. I remember I got it working in one project, then after some time it started to fail.
My advice is to print the log before it is stored and after it fails, and compare.
In my project I ended up re-downloading the certificates from the website/provider.
