MQTTS without CA

mattia424
Posts: 13
Joined: Sun Jan 07, 2024 11:56 pm

MQTTS without CA

Postby mattia424 » Mon Jul 01, 2024 5:07 pm

Hi,
I am trying to connect to my mqtt server where tls is enabled.
On the server I have created certificates with Let's Encrypt and with MQTT Explorer everything works correctly in TLS without loading the CA.

How can I now get this server to work with my ESP32?
I have tried putting only:

Code: Select all

.address = {
                .hostname = _endpoint.c_str(),
                .transport = MQTT_TRANSPORT_OVER_SSL,
                .port = _port,
            },
but the error it gives me is:

Code: Select all

E (67239) esp-tls-mbedtls: No server verification option set in esp_tls_cfg_t structure. Check esp_tls API reference
E (67239) esp-tls-mbedtls: Failed to set client configurations, returned [0x8017] (ESP_ERR_MBEDTLS_SSL_SETUP_FAILED)
E (67249) esp-tls: create_ssl_handle failed
E (67259) esp-tls: Failed to open new connection
E (67259) transport_base: Failed to open a new connection
E (67269) mqtt_client: Error transport connect
Do I have to enter the certificate?
I also tried manually entering the one downloaded from Let's Encrypt but with that the error it gives me is:

Code: Select all

E (48519) esp-tls-mbedtls: mbedtls_x509_crt_parse of CA cert returned -0x2180
I (48519) esp-tls-mbedtls: (FFFFDE80): X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected
E (48529) esp-tls-mbedtls: Failed to set client configurations, returned [0x8015] (ESP_ERR_MBEDTLS_X509_CRT_PARSE_FAILED)
E (48539) esp-tls: create_ssl_handle failed
E (48549) esp-tls: Failed to open new connection
E (48549) transport_base: Failed to open a new connection
E (48559) mqtt_client: Error transport connect

aliarifat794
Posts: 200
Joined: Sun Jun 23, 2024 6:18 pm

Re: MQTTS without CA

Postby aliarifat794 » Wed Jul 03, 2024 6:26 am

As far as I can understand, you need to download the Let's Encrypt CA Certificate from the Let's Encrypt website and embed the certificate in your code. You can visit these links for further info:
https://community.letsencrypt.org/t/val ... ice/175307
https://community.letsencrypt.org/t/how ... ler/197377
https://www.theengineeringprojects.com/ ... -mqtt.html

Who is online

Users browsing this forum: Google [Bot] and 84 guests