AnsweredAssumed Answered

B-L475E-IOT01 how to use MQTT locally

Question asked by SerFabio89 on May 10, 2018

Good evening,

I've followed the getting started guide for B-L475-IOT01 to use the board in the title locally qith my mosquitto instance (… ) but I cannot make the certificate valid.


In the specific, I get this output from the terminal:

Setting the RTC from the network time.
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)

Configuring the RTC from Date: Thu, 10 May 2018 00:00:36 GMT
AWS IoT SDK Version 2.2.1-
MQTT connection in progress: Attempt 1/3 ...
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)

../../../../../../Drivers/BSP/Components/es_wifi/es_wifi.c:1836 :SEnd Data detect error


Instead, from mosquitto i read:

1525910243: New connection from on port 8883.
1525910245: OpenSSL Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
1525910245: Socket error on client <unknown>, disconnecting.


Anyone had the same problem and figured out how to solve? Maybe I'm not good with certificates, I attach the sequence of commands I used to generate the ca.crt, client.crt and client.key:


openssl req -new -x509 -days 1000 -extensions v3_ca -keyout ca.key -out ca.crt

openssl ecparam -name secp384r1 -out server.key -genkey

openssl req -out server.csr -key server.key -new

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 1000

openssl genrsa -out client.key 2048

openssl req -out client.csr -key client.key -new

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 1000


all fields left as default (pressing return each time), when password needed, I used "pass".