

Impossible to connect ESP32 with Mosquitto on Raspberry using certificates

I installed the Mosquitto broker on a Raspberry in my local network and generated the certificates on the Raspberry as follows:

# Private CA: 2048-bit RSA key plus a self-signed CA certificate valid for 3600 days.
# ca.key can sign certificates for any name, so it should not stay readable on the broker host.
sudo openssl genrsa -out ca.key 2048
# req prompts for the subject fields (C, ST, L, O, OU, CN) of the CA certificate.
sudo openssl req -new -x509 -days 3600 -key ca.key -out ca.crt
# Broker key pair and certificate signing request.
sudo openssl genrsa -out server.key 2048
# req prompts for the subject again. NOTE(review): the answers given are not shown on the page.
# Two things to confirm: the server subject must differ from the CA subject (an identical
# subject makes server.crt look self-signed to a verifier), and the server CN must be the
# name or address the clients actually connect to.
sudo openssl req -new -out server.csr -key server.key
# Sign the request with the CA. No -extfile is passed, so no subjectAltName is added here;
# clients that match on SAN only would need one - verify for the clients in use.
# NOTE(review): all files are created through sudo and are therefore root-owned; the broker
# account presumably needs read access to server.key and nobody else should have it - confirm.
sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3600

I modified the Mosquitto configuration file (.conf) as follows:

# Clients must present a username; the sketch passes one to client.connect().
# NOTE(review): no password_file or listener/port line appears in this excerpt - confirm they
# exist elsewhere in the file (the sketch connects to port 26391).
allow_anonymous false
# CA certificate, broker certificate and broker private key generated with the openssl commands.
# require_certificate is not set in this excerpt, so the TLS layer authenticates the broker only;
# client identity rests on the username and password.
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
# Accept TLS 1.2 only.
tls_version tlsv1.2

I restarted Mosquitto and everything was OK.

I downloaded the ca.crt file from the Raspberry to my PC with FileZilla. On the PC I use MQTT.fx to connect, with that certificate set as the CA certificate. This works well.

The problem: with the ESP32 I can't connect when I set the certificate with espClient.setCACert(ca_cert). The serial output shows "MQTT connecting ..." followed by this error:

[E] [ssl_client.cpp: 33] handle_error (): X509 - Certificate verification failed, e.g. CRL, CA or signature check failed

Can someone help me? I can't tell whether something is missing in the code or whether there is an error in how I generated the certificates.

Please help many thanks Michael

this is my code:

#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>
#include <ESPmDNS.h>

/* change it with your ssid-password */
/* Placeholders. Values compiled into the sketch end up in the firmware image and in any
   copy of the source, so real credentials should not be pasted into a public post. */
const char* ssid = "XXXXXX";
const char* password = "XXXXXXX";
/* this is the MDNS name of PC where you installed MQTT Server */
/* Used only for the mDNS lookup in setup(); the MQTT client is later given the resolved
   IP address, not this name. */
const char* serverHostname = "home";

/* PEM text handed to espClient.setCACert() in setup(): the trust anchor used to verify
   the broker's certificate. A CA certificate is public data; only ca.key is secret.
   NOTE(review): the subject CN inside this certificate decodes to "home", the same string
   as serverHostname. If server.crt was issued with an identical subject, a verifier sees
   issuer == subject, treats it as self-signed and rejects the chain. Compare the output of
   `openssl x509 -noout -subject -issuer` for ca.crt and server.crt to confirm. */
const char* ca_cert = \ 
"-----BEGIN CERTIFICATE-----\n" \
"MIIDmDCCAoCgAwIBAgIJAKV4GE+4y/G4MA0GCSqGSIb3DQEBCwUAMGExCzAJBgNV\n" \
"BAYTAlRWMRAwDgYDVQQIDAdUcmV2aXNvMRUwEwYDVQQHDAxDYXN0ZWxmcmFuY28x\n" \
"DDAKBgNVBAoMA1BTUzEMMAoGA1UECwwDUFNTMQ0wCwYDVQQDDARob21lMB4XDTE5\n" \
"MDkwODE3NDIzOFoXDTI5MDcxNzE3NDIzOFowYTELMAkGA1UEBhMCVFYxEDAOBgNV\n" \
"BAgMB1RyZXZpc28xFTATBgNVBAcMDENhc3RlbGZyYW5jbzEMMAoGA1UECgwDUFNT\n" \
"MQwwCgYDVQQLDANQU1MxDTALBgNVBAMMBGhvbWUwggEiMA0GCSqGSIb3DQEBAQUA\n" \
"A4IBDwAwggEKAoIBAQC2rPN7VQXtzLCl1LufJkzLK9xedrbW72K2vBZ34VNOl+tG\n" \
"ffNx2QQLQC0Jh5GzB79dZweqAjCRBbIEpx0IGvHWrHDUQMJrvg4BcmDr0eqNCup/\n" \
"tBItlEcCdvmWFfm3IBezOVBDFiQWmC4jvAC/G3DPlftHiPI1k3cDewKNJEJykxeD\n" \
"8H/4KTAz+wJXyGZiviZYv8OYOTRMa3nEhg1vaQTMgCwEVBavg5fsEQkZLArBNJQM\n" \
"Gmw0qDdJEMDGOGWPogxRAKrxvNnXr4mIebzPj9/UTrJnfzVOPEHZ9Uz5BU/psGCL\n" \
"cnMkBeNEa/JyLR14Hu8e+xa/pOCpJ9Dqhi/BTji5AgMBAAGjUzBRMB0GA1UdDgQW\n" \
"BBRIz+15SpOBqo0O+vOtgYvPj4LqWDAfBgNVHSMEGDAWgBRIz+15SpOBqo0O+vOt\n" \
"gYvPj4LqWDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC08Crs\n" \
"w7LPX+Bd80NwPuxgBmMU4U/pCw8AyzzSgckHmay0K8KuHXhSvZjdl6i0gjG/2xLa\n" \
"ghCtfFGIXPu1Lu226bhTWigmuFLYasG1MivTDz2LeUTFPQrtEO8KdsRUarPZW3Fj\n" \
"nOMyVDdzE4+HxvzvARDc1QbE9SX2ozQcNKQp4oRpunfT2+/OyzYgfMVA7MVKvehX\n" \
"VH49fRF1P1Ajizqr2eHDFImcMQTzepRT7IjfOiQ/8PoqrZGvGenMj5so1I9MtgyK\n" \
"gVUf1ZWPBgxmhVfla6vYBZiTGuZMHSDuF6/yFC1QnoXVq7K+bbIhAE8lsPNuOY7V\n" \
"dKidKIfBJiN378CC\n" \
"-----END CERTIFICATE-----\n";

/* create an instance of WiFiClientSecure */
/* TLS socket; it receives the CA certificate in setup() via setCACert(). */
WiFiClientSecure espClient;
/* MQTT client layered on the TLS socket, so MQTT traffic (including the username and
   password passed to connect()) goes through espClient. */
PubSubClient client(espClient);

/*LED GPIO pin*/
const char led = 5;

/* topics */
#define COUNTER_TOPIC    "smarthome/room1/counter"
#define LED_TOPIC     "smarthome/room1/led" /* 1=on, 0=off */

/* millis() value recorded at the last counter tick in loop() */
long lastMsg = 0;
/* text buffer for the counter value published in loop() */
char msg[20];
/* value published on COUNTER_TOPIC; loop() resets it to 0 once it reaches 100 */
int counter = 0;

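/*
 * MQTT message handler, registered in setup() with client.setCallback().
 *
 * topic   - topic the message arrived on; printed as a C string
 * payload - message bytes; only the first `length` bytes are read
 * length  - number of valid bytes in payload
 *
 * The payload comes from whoever is able to publish to the subscribed topic,
 * so it is treated as untrusted: nothing past `length` is read, and an empty
 * message is ignored instead of inspecting payload[0].
 */
void receivedCallback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message received: ");
  Serial.println(topic);

  Serial.print("payload: ");
  /* unsigned index matches the type of length (no signed/unsigned comparison) */
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();

  /* zero-length message: payload[0] is not part of it, so leave the LED unchanged */
  if (length == 0) {
    return;
  }

  if ((char)payload[0] == '1') {
    /* first byte is '1' -> on */
    digitalWrite(led, HIGH);
  } else {
    /* any other first byte, including '0' -> off */
    digitalWrite(led, LOW);
  }
}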

/*
 * Blocks until the MQTT session is established, retrying every 5 seconds.
 *
 * client.connect() reports only success or failure. The broker configuration
 * on this page sets allow_anonymous false, which is why a username and
 * password are passed here. The two string literals are placeholders.
 * On success the LED topic is subscribed; on failure client.state() is printed.
 */
void mqttconnect() {
  while (!client.connected()) {
    Serial.print("MQTT connecting ...");

    /* fixed client ID, sent to the broker on every attempt */
    String clientId = "ESP32Client";
    const bool sessionUp = client.connect(clientId.c_str(),"XXXXX","XXXXXX");

    if (!sessionUp) {
      /* report the PubSubClient state code, then back off before the next attempt */
      Serial.print("failed, status code =");
      Serial.print(client.state());
      Serial.println("try again in 5 seconds");
      delay(5000);
      continue;
    }

    Serial.println("connected");
    /* subscriptions are requested after every successful connect */
    client.subscribe(LED_TOPIC);
  }
}

/*
 * One-time initialisation: serial port, WiFi association, LED pin, mDNS lookup of the
 * broker, then TLS trust anchor and MQTT server/callback configuration.
 * No MQTT connection is opened here; loop() does that through mqttconnect().
 */
void setup() {
  Serial.begin(9600);
  // We start by connecting to a WiFi network
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.begin(ssid, password);

  /* wait, without a timeout, until the station is associated */
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }
  /* set led as output to control led on-off */
  pinMode(led, OUTPUT);

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
  /*setup MDNS for ESP32 */
  if (!MDNS.begin("esp32")) {
      Serial.println("Error setting up MDNS responder!");
      /* halt here for good: without mDNS the broker address cannot be looked up */
      while(1) {
          delay(1000);
      }
  }
  /* get the IP address of server by MDNS name */
  Serial.println("mDNS responder started");
  /* NOTE(review): the lookup result is used without a check. If the query fails, the
     address printed below is presumably 0.0.0.0 and every later connect attempt goes
     there - confirm, and compare the printed address with the broker's real one. */
  IPAddress serverIp = MDNS.queryHost(serverHostname);
  Serial.print("IP address of server: ");
  Serial.println(serverIp.toString());
  /* set SSL/TLS certificate */
  /* ca_cert is the trust anchor; the broker's certificate must chain to it */
  espClient.setCACert(ca_cert);
  /* configure the MQTT server with IPaddress and port */
  /* NOTE(review): the client is given an IP address, not the name "home". If the
     installed core checks the peer name against the certificate, the name it checks is
     presumably this IP string, which a certificate issued only for "home" would not
     match - confirm against the arduino-esp32 version in use. */
  client.setServer(serverIp, 26391);
  /* receivedCallback is invoked for every message that arrives on a subscribed topic */
  client.setCallback(receivedCallback);
  
}
/*
 * Main loop: keeps the MQTT session alive, services incoming messages, and
 * publishes an incrementing counter on COUNTER_TOPIC about every 3 seconds.
 * Timing is based on millis(), so the loop is never blocked by delay() here.
 */
void loop() {
  /* re-establish the session whenever it has dropped */
  if (!client.connected()) {
    mqttconnect();
  }

  /* process incoming traffic; dispatches subscribed messages to receivedCallback */
  client.loop();

  long now = millis();
  /* less than 3 seconds since the last tick: nothing to publish yet */
  if (now - lastMsg <= 3000) {
    return;
  }
  lastMsg = now;

  /* the counter wraps after 100; the wrapping tick itself publishes nothing */
  if (counter >= 100) {
    counter = 0;
    return;
  }

  counter++;
  snprintf (msg, 20, "%d", counter);
  /* publish the message */
  client.publish(COUNTER_TOPIC, msg);
}