AnsweredAssumed Answered

B-L475E-IOT01 how to use MQTT locally

Question asked by SerFabio89 on May 10, 2018

Good evening,

I've followed the getting started guide for B-L475-IOT01 to use the board in the title locally qith my mosquitto instance (http://www.st.com/content/ccc/resource/technical/document/user_manual/group0/9b/f5/d4/e1/17/3f/4d/fa/DM00367435/files/DM… ) but I cannot make the certificate valid.

 

In the specific, I get this output from the terminal:

Setting the RTC from the network time.
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)

Configuring the RTC from Date: Thu, 10 May 2018 00:00:36 GMT
AWS IoT SDK Version 2.2.1-
MQTT connection in progress: Attempt 1/3 ...
../../../../../../Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4587: x509_verify_cert() returned -9984 (-0x2700)

../../../../../../Drivers/BSP/Components/es_wifi/es_wifi.c:1836 :SEnd Data detect error

 

Instead, from mosquitto i read:

1525910243: New connection from 192.168.1.60 on port 8883.
1525910245: OpenSSL Error: error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
1525910245: Socket error on client <unknown>, disconnecting.

 

Anyone had the same problem and figured out how to solve? Maybe I'm not good with certificates, I attach the sequence of commands I used to generate the ca.crt, client.crt and client.key:

 

openssl req -new -x509 -days 1000 -extensions v3_ca -keyout ca.key -out ca.crt

openssl ecparam -name secp384r1 -out server.key -genkey

openssl req -out server.csr -key server.key -new

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 1000

openssl genrsa -out client.key 2048

openssl req -out client.csr -key client.key -new

openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 1000

 

all fields left as default (pressing return each time), when password needed, I used "pass".

 

Regards,

Fabio

Outcomes