Posted on May 10, 2018 at 02:04Good evening,
I've followed the getting started guide for B-L475-IOT01 to use the board in the title locally qith my mosquitto instance (
http://www.st.com/content/ccc/resource/technical/document/user_manual/group0/9b/f5/d4/e1/17/3f/4d/fa/DM00367435/files/DM00367435.pdf/jcr:content/translations/en.DM00367435.pdf
) but I cannot make the certificate valid.
In the specific, I get this output from the terminal:
Setting the RTC from the network time.
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)
Configuring the RTC from Date: Thu, 10 May 2018 00:00:36 GMT
AWS IoT SDK Version 2.2.1-
MQTT connection in progress: Attempt 1/3 ...
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)
../../../../../../Drivers/BSP/Components/es_wifi/es_wifi.c:1836 :SEnd Data detect error
Instead, from mosquitto i read:
1525910243: New connection from 192.168.1.60 on port 8883.
1525910245: OpenSSL Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
1525910245: Socket error on client <unknown>, disconnecting.
Anyone had the same problem and figured out how to solve? Maybe I'm not good with certificates, I attach the sequence of commands I used to generate the ca.crt, client.crt and client.key:
openssl req -new -x509 -days 1000 -extensions v3_ca -keyout ca.key -out ca.crt
openssl ecparam -name secp384r1 -out server.key -genkey
openssl req -out server.csr -key server.key -new
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 1000
openssl genrsa -out client.key 2048
openssl req -out client.csr -key client.key -new
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 1000
all fields left as default (pressing return each time), when password needed, I used 'pass'.
Regards,
Fabio
#aws #wifi #mqtt #b-l475e-iot01a #b-l475e-iot01
