![iFixit Tears Down New M4 MacBook Air [Video]](https://www.iclarified.com/images/news/96717/96717/96717-640.jpg)
![Apple Officially Announces Return of 'Ted Lasso' for Fourth Season [Video]](https://www.iclarified.com/images/news/96710/96710/96710-640.jpg)
![9to5Rewards: Last chance to win a MacBook Pro from Chargeasap [Giveaway]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2024/10/M4-MacBook-Pro-doesnt-tempt-me-because-Apple-Silicon-Macs-are-almost-too-good.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
.jpg?#)
.jpg?#)
Use x509 certificates for MQTT communication in ESP IDF [closed]
I have an application where I need to connect to a third party cloud via MQTT. For this, the third party has given a process for certificate generation as follows (The process is to be done on Linux): Generate a CSR (Certificate Signing Request) with SubjectAltName (SAN) extension. Prepare a 'req.cnf' file for this. The format of this file is as follows- distinguished_name = req_distinguished_name req_extensions = req_ext [ req_distinguished_name ] countryName = Country Name (2 letter code) stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) organizationName = Organization Name (eg, company) commonName = Common Name (e.g. server FQDN) [ req_ext ] subjectAltName = @alt_names [alt_names] URI.1= Run the following command. This will generate a placeholder.csr and a private.key - openssl req -out placeholder.csr -newkey rsa:2048 -nodes -keyout private.key -config req.cnf The third party gives a 'ca.crt' file which is the public key certificate. Run the command below with this and above csr file. This process is to get the certificate signed by the third party - curl -o placeholder.crt -F csrFile=@placeholder.csr --cacert $CERT_HOME/ca.crt https://CADomainName/getCert I took these files and hardcoded them as strings in the ESP-IDF code as follows: void mqtt_app_start(void) { const esp_mqtt_client_config_t mqtt_cfg = { .broker = { .address.uri = "mqtts://sample.domain.name", .verification.certificate = (const char *)ca_cert }, .credentials = { .authentication.certificate = (const char *)signed_crt, .authentication.key = (const char *)client_key_pem }, }; The 'ca_cert' is the public key. 'signed_cert' is the placeholder.crt generated after signing. 'client_key_pm' is the private key. The placeholder.crt and private key had metadata which I removed and only kept the -----BEGIN CERTIFICATE---- . . . . -----END CERTIFICATE------ I am getting this error when I run the code: E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read(): EOF E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read() error: errno=119 I (3642) mqtt: MQTT_EVENT_ERROR I (3642) mqtt: Last error code reported from esp-tls: 0x8008 I (3652) mqtt: Last tls stack error number: 0x0 I (3652) mqtt: Last captured errno : 0 (Success) E (3662) mqtt_client: esp_mqtt_connect: mqtt_message_receive() returned -2 E (3672) mqtt_client: MQTT connect failed I (3672) mqtt: MQTT_EVENT_DISCONNECTED What can be the error in this?
![Use x509 certificates for MQTT communication in ESP IDF [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
I have an application where I need to connect to a third party cloud via MQTT. For this, the third party has given a process for certificate generation as follows (The process is to be done on Linux):
- Generate a CSR (Certificate Signing Request) with SubjectAltName (SAN) extension. Prepare a 'req.cnf' file for this. The format of this file is as follows-
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
stateOrProvinceName = State or Province Name (full name)
localityName = Locality Name (eg, city)
organizationName = Organization Name (eg, company)
commonName = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
URI.1=
- Run the following command. This will generate a placeholder.csr and a private.key -
openssl req -out placeholder.csr -newkey rsa:2048 -nodes -keyout private.key -config req.cnf
- The third party gives a 'ca.crt' file which is the public key certificate. Run the command below with this and above csr file. This process is to get the certificate signed by the third party -
curl -o placeholder.crt -F csrFile=@placeholder.csr --cacert $CERT_HOME/ca.crt https://CADomainName/getCert
I took these files and hardcoded them as strings in the ESP-IDF code as follows:
void mqtt_app_start(void) {
const esp_mqtt_client_config_t mqtt_cfg = {
.broker = {
.address.uri = "mqtts://sample.domain.name",
.verification.certificate = (const char *)ca_cert
},
.credentials = {
.authentication.certificate = (const char *)signed_crt,
.authentication.key = (const char *)client_key_pem
},
};
The 'ca_cert' is the public key. 'signed_cert' is the placeholder.crt generated after signing. 'client_key_pm' is the private key. The placeholder.crt and private key had metadata which I removed and only kept the
-----BEGIN CERTIFICATE----
.
.
.
.
-----END CERTIFICATE------
I am getting this error when I run the code:
E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read(): EOF
E (3632) mqtt_client: esp_mqtt_handle_transport_read_error: transport_read() error: errno=119
I (3642) mqtt: MQTT_EVENT_ERROR
I (3642) mqtt: Last error code reported from esp-tls: 0x8008
I (3652) mqtt: Last tls stack error number: 0x0
I (3652) mqtt: Last captured errno : 0 (Success)
E (3662) mqtt_client: esp_mqtt_connect: mqtt_message_receive() returned -2
E (3672) mqtt_client: MQTT connect failed
I (3672) mqtt: MQTT_EVENT_DISCONNECTED
What can be the error in this?
