Generate self-signed certificate and key in OTA.

Posted: Fri Mar 29, 2019 3:53 pm
by filipESP
I can't generate the certificate for simple_ota_example. The msys2 printed this info:

Filip@DESKTOP-39581H3 MINGW32 /home/filip/esp/esp-idf/examples/get-started/hello_world/build
$ openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365
Can't load C:\msys32\home\Filip/.rnd into RNG
23020:error:2406F079:random number generator:RAND_load_file:Cannot open file:../openssl-1.1.1/crypto/rand/randfile.c:88:Filename=C:\msys32\home\Filip/.rnd
Generating a RSA private key
.........................+++++
.........................................................................................+++++

Re: Generate self-signed certificate and key in OTA.

Posted: Wed Sep 18, 2019 8:55 am
by Simon Leung
I have the same problem too. Is there any solution please?

Thanks.

Simon Leung

Re: Generate self-signed certificate and key in OTA.

Posted: Thu Sep 19, 2019 7:21 am
by filipESP
Try to install openssl in version 1.0.2 and run it from console, not msys.

Re: Generate self-signed certificate and key in OTA.

Posted: Fri Sep 20, 2019 4:11 am
by Simon Leung
You may try this for Windows users:

winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes

Re: Generate self-signed certificate and key in OTA.

Posted: Fri Sep 20, 2019 8:03 am
by filipESP
Just run openssl and enter this command: req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365

Re: Generate self-signed certificate and key in OTA.

Posted: Mon Sep 23, 2019 9:37 am
by Simon Leung
Hi filipESP:

I tried to use openssl 1.0.2. for both the certificate and the local server. When I run the simple_ota_example, there is an error message "esp-tls:Failed to connect to host (errno 113)".

If I use the openssl in mintty and type in
winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes for the certificate
then
winpty openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070 for the local server

It seems the connection of ESP32 and the local server is ok and the bin file is downloaded without any problem. However there is an error message related to segment length and the firmware upgrades failed. Below is a capture of the message from the mintty platform.

I (3759) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
I (5849) esp_https_ota: Starting OTA...
I (5849) esp_https_ota: Writing to partition subtype 16 at offset 0x110000
I (6049) esp_https_ota: esp_ota_begin succeeded
I (6049) esp_https_ota: Please Wait. This may take time
I (6059) esp_https_ota: Connection closed,all data received
I (6069) esp_image: segment 0: paddr=0x00110020 vaddr=0x3f400020 size=0x07518 ( 29976) map
E (6089) esp_image: invalid segment length 0xffffffff
E (6089) esp_https_ota: Error: esp_ota_end failed! err=0x5379. Image is invalid
E (6099) simple_ota_example: Firmware Upgrades Failed

Do you have any idea about what's wrong with what I have entered?
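
The log in the post above shows esp_image accepting segment 0 and then rejecting the next segment header with a length of 0xffffffff. As an added example (not code from this thread or from ESP-IDF), the following Python walks the segment headers of an app image file in the same order, so the .bin placed on the local server can be checked for completeness before an OTA attempt. It assumes the ESP32 app image layout of a 24-byte header starting with magic 0xE9, followed by segments that each carry an 8-byte load-address/length header; the function names and the sample image are constructed for illustration.

```python
import struct

IMAGE_MAGIC = 0xE9      # first byte of an ESP32 app image (assumed layout)
HEADER_LEN = 24         # assumed size of the image header
SEG_HEADER_LEN = 8      # load address (u32) + data length (u32), little-endian


def walk_segments(image: bytes):
    """Return (segments, error); error is None when every segment fits the file."""
    if len(image) < HEADER_LEN:
        return [], "file shorter than image header"
    magic, seg_count = image[0], image[1]
    if magic != IMAGE_MAGIC:
        return [], f"bad magic 0x{magic:02x}"
    segments, off = [], HEADER_LEN
    for idx in range(seg_count):
        if off + SEG_HEADER_LEN > len(image):
            return segments, f"segment {idx}: header past end of file"
        load_addr, data_len = struct.unpack_from("<II", image, off)
        data_off = off + SEG_HEADER_LEN
        # 0xffffffff is what erased flash reads back as; also reject overruns.
        if data_len == 0xFFFFFFFF or data_off + data_len > len(image):
            return segments, f"segment {idx}: invalid segment length 0x{data_len:08x}"
        segments.append((idx, data_off, load_addr, data_len))
        off = data_off + data_len
    return segments, None


def build_sample(seg_lens):
    """Constructed test image: header plus zero-filled segments (not real firmware)."""
    img = bytearray([IMAGE_MAGIC, len(seg_lens)]) + bytes(HEADER_LEN - 2)
    for n, length in enumerate(seg_lens):
        img += struct.pack("<II", 0x3F400020 + n * 0x10000, length) + bytes(length)
    return bytes(img)


if __name__ == "__main__":
    good = build_sample([0x7518, 0x100])
    # Simulate a partial write: segment 0 intact, the rest reads as erased flash.
    cut = HEADER_LEN + SEG_HEADER_LEN + 0x7518
    partial = good[:cut] + b"\xff" * 64
    for name, img in (("good", good), ("partial", partial)):
        segs, err = walk_segments(img)
        print(name, [(i, hex(o), hex(l)) for i, o, _, l in segs], err or "ok")
```
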

Re: Generate self-signed certificate and key in OTA.

Posted: Thu Sep 26, 2019 8:36 am
by Simon Leung
It is ok now if I use OpenSSL 1.0.2d.

Re: Generate self-signed certificate and key in OTA.

Posted: Wed Oct 30, 2019 2:31 pm
by tanghuanqiao
Simon Leung wrote:
Mon Sep 23, 2019 9:37 am
Hi filipESP:

I tried to use openssl 1.0.2. for both the certificate and the local server. When I run the simple_ota_example, there is an error message "esp-tls:Failed to connect to host (errno 113)".

If I use the openssl in mintty and type in
winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes for the certificate
then
winpty openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070 for the local server

It seems the connection of ESP32 and the local server is ok and the bin file is downloaded without any problem. However there is an error message related to segment length and the firmware upgrades failed. Below is a capture of the message from the mintty platform.

I (3759) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
I (5849) esp_https_ota: Starting OTA...
I (5849) esp_https_ota: Writing to partition subtype 16 at offset 0x110000
I (6049) esp_https_ota: esp_ota_begin succeeded
I (6049) esp_https_ota: Please Wait. This may take time
I (6059) esp_https_ota: Connection closed,all data received
I (6069) esp_image: segment 0: paddr=0x00110020 vaddr=0x3f400020 size=0x07518 ( 29976) map
E (6089) esp_image: invalid segment length 0xffffffff
E (6089) esp_https_ota: Error: esp_ota_end failed! err=0x5379. Image is invalid
E (6099) simple_ota_example: Firmware Upgrades Failed

Do you have any idea about what's wrong with what I have entered?
I have the same problem, how can you solve it?