Import TLS certificates as files

Matti104
Posts: 1
Joined: Fri Nov 07, 2025 3:21 pm

Postby Matti104 » Fri Nov 07, 2025 3:27 pm

Hi, I'm trying to connect my ESP32 S3 DevKitC 1 N16R8 to an MQTT broker using TLS certificates. I'm trying to include them as files to create an automatic update system, but I'm having trouble.

I've tried many methods, but none have worked. Can anyone tell me how to include them correctly?

Thanks in advance.

ves011
Posts: 59
Joined: Fri Oct 07, 2022 2:31 pm
Location: romania

Re: Import TLS certificates as files

Postby ves011 » Fri Nov 14, 2025 4:39 pm

If you still haven't found the answer, here is how I'm doing it on my side when connecting ESP32 devices to a Mosquitto MQTT broker using TLS and 2-way certificate authentication.
  1. Edit CMakeLists.txt in the root folder of your project and add the following lines:

    target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "path/client.crt" TEXT)
    target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "path/client.key" TEXT)
    target_add_binary_data(${CMAKE_PROJECT_NAME}.elf "path/ca.crt" TEXT)
    
    Where:
    - path/ is the path to your certificates and key
    - client.crt/key are the client certificate and key the ESP32 MQTT client will use to authenticate to the broker
    - ca.crt is the root CA of your PKI infrastructure, which the ESP32 MQTT client will use to validate the broker certificate
  2. Modify the client configuration file (esp_mqtt_client_config_t) and add the fields below:

    esp_mqtt_client_config_t mqtt_cfg = {
        ...
        .broker.verification.certificate = (const char *)ca_cert_pem_start,
        .credentials = {
            .client_id = USER_MQTT,
            .authentication = {
                .certificate = (const char *)client_cert_pem_start,
                .key = (const char *)client_key_pem_start,
            },
        },
        ...
    };
    
  3. Make sure the ..._pem_start fields are declared in external directives like this:

    extern const uint8_t client_cert_pem_start[] asm("_binary_client_crt_start");
    extern const uint8_t client_cert_pem_end[] asm("_binary_client_crt_end");
    extern const uint8_t client_key_pem_start[] asm("_binary_client_key_start");
    extern const uint8_t client_key_pem_end[] asm("_binary_client_key_end");
    extern const uint8_t ca_cert_pem_start[] asm("_binary_ca_crt_start");
    extern const uint8_t ca_cert_pem_end[] asm("_binary_ca_crt_end");
    
... and it should work. At least it does for me :)

nopnop2002
Posts: 347
Joined: Thu Oct 03, 2019 10:52 pm

Re: Import TLS certificates as files

Postby nopnop2002 » Tue Nov 18, 2025 7:36 am

> I'm trying to connect my ESP32 S3 DevKitC 1 N16R8 to an MQTT broker using TLS certificates.
If you have information about the MQTT broker you want to use, you may be able to get a more accurate answer.

Craige Hales
Posts: 98
Joined: Tue Sep 07, 2021 12:07 pm

Re: Import TLS certificates as files

Postby Craige Hales » Thu Dec 04, 2025 8:20 pm

Several years and versions ago I discovered a trailing nul was needed.

    EMBED_FILES
    #   "spiffsdata/favicon.ico"
        "upload_script.html"
    # adds a trailing nul? makes it work?
    EMBED_TXTFILES
        "certs/cacert.pem"
        "certs/prvtkey.pem"

Note the difference between EMBED_FILES vs EMBED_TXTFILES... a text file got an extra nul byte that prevented something from reading off the end.
Craige
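
The trailing-nul point from the posts above, as an added example that is not code from any poster or from ESP-IDF: a bounds-checked test that an embedded PEM blob is nul-terminated before its start pointer is treated as a C string. The names `pem_blob_check`, `pem_check_t` and the sample data are hypothetical and constructed; on a device the `_binary_..._start` / `_binary_..._end` symbols would be passed instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result of checking one embedded blob (hypothetical names). */
typedef enum {
    PEM_OK = 0,         /* nul-terminated text with BEGIN/END markers */
    PEM_EMPTY,          /* start >= end: nothing was embedded */
    PEM_NOT_TERMINATED, /* no nul inside [start, end): embedded as binary */
    PEM_NOT_PEM         /* terminated, but markers missing or out of order */
} pem_check_t;

/* start/end delimit the embedded data. Every read is bounded by end,
 * so an unterminated blob is reported instead of being read past. */
pem_check_t pem_blob_check(const uint8_t *start, const uint8_t *end,
                           size_t *len_with_nul)
{
    if (start == NULL || end == NULL || start >= end)
        return PEM_EMPTY;
    const uint8_t *nul = memchr(start, '\0', (size_t)(end - start));
    if (nul == NULL)
        return PEM_NOT_TERMINATED;
    /* A terminator exists within bounds, so string functions are safe. */
    const char *begin = strstr((const char *)start, "-----BEGIN ");
    const char *finish = begin ? strstr(begin, "-----END ") : NULL;
    if (finish == NULL)
        return PEM_NOT_PEM;
    if (len_with_nul != NULL)
        *len_with_nul = (size_t)(nul - start) + 1; /* length incl. the nul */
    return PEM_OK;
}

/* Constructed sample, not real key material. sizeof() includes the nul. */
static const char sample_pem[] =
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n";

/* Layout of a text embed: payload followed by one nul byte. */
pem_check_t check_text_embed(size_t *len)
{
    const uint8_t *s = (const uint8_t *)sample_pem;
    return pem_blob_check(s, s + sizeof(sample_pem), len);
}

/* Same payload without the final nul, as a plain binary embed would give. */
pem_check_t check_binary_embed(void)
{
    const uint8_t *s = (const uint8_t *)sample_pem;
    return pem_blob_check(s, s + sizeof(sample_pem) - 1, NULL);
}
```

Running such a check once at startup on each embedded certificate and key turns a silent over-read into an explicit error before the TLS client is configured.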
