Generate self-signed certificate and key in OTA.

filipESP
Posts: 74
Joined: Tue Nov 06, 2018 12:42 pm

Generate self-signed certificate and key in OTA.

Postby filipESP » Fri Mar 29, 2019 3:53 pm

I can't generate the certificate for simple_ota_example. The msys2 printed this info:

Filip@DESKTOP-39581H3 MINGW32 /home/filip/esp/esp-idf/examples/get-started/hello_world/build
$ openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365
Can't load C:\msys32\home\Filip/.rnd into RNG
23020:error:2406F079:random number generator:RAND_load_file:Cannot open file:../openssl-1.1.1/crypto/rand/randfile.c:88:Filename=C:\msys32\home\Filip/.rnd
Generating a RSA private key
.........................+++++
.........................................................................................+++++

Simon Leung
Posts: 10
Joined: Tue Jun 25, 2019 1:28 am

Re: Generate self-signed certificate and key in OTA.

Postby Simon Leung » Wed Sep 18, 2019 8:55 am

I have the same problem too. Is there any solution please?

Thanks.

Simon Leung

filipESP
Posts: 74
Joined: Tue Nov 06, 2018 12:42 pm

Re: Generate self-signed certificate and key in OTA.

Postby filipESP » Thu Sep 19, 2019 7:21 am

Try to install openssl in version 1.0.2 and run it from console not msys.

Simon Leung
Posts: 10
Joined: Tue Jun 25, 2019 1:28 am

Re: Generate self-signed certificate and key in OTA.

Postby Simon Leung » Fri Sep 20, 2019 4:11 am

You may try this for Windows users:

winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes

filipESP
Posts: 74
Joined: Tue Nov 06, 2018 12:42 pm

Re: Generate self-signed certificate and key in OTA.

Postby filipESP » Fri Sep 20, 2019 8:03 am

Just run openssl and enter this command: req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365

Simon Leung
Posts: 10
Joined: Tue Jun 25, 2019 1:28 am

Re: Generate self-signed certificate and key in OTA.

Postby Simon Leung » Mon Sep 23, 2019 9:37 am

Hi filipESP:

I tried to use openssl 1.0.2. for both the certificate and the local server. When I run the simple_ota_example, there is an error message "esp-tls:Failed to connect to host (errno 113)".

If I use the openssl in mintty and type in
winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes for the certificate
then
winpty openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070 for the local server

It seems the connection of ESP32 and the local server is ok and the bin file is downloaded without any problem. However there is an error message related to segment length and the firmware upgrades failed. Below is a capture of the message from the mintty platform.

I (3759) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
I (5849) esp_https_ota: Starting OTA...
I (5849) esp_https_ota: Writing to partition subtype 16 at offset 0x110000
I (6049) esp_https_ota: esp_ota_begin succeeded
I (6049) esp_https_ota: Please Wait. This may take time
I (6059) esp_https_ota: Connection closed,all data received
I (6069) esp_image: segment 0: paddr=0x00110020 vaddr=0x3f400020 size=0x07518 ( 29976) map
E (6089) esp_image: invalid segment length 0xffffffff
E (6089) esp_https_ota: Error: esp_ota_end failed! err=0x5379. Image is invalid
E (6099) simple_ota_example: Firmware Upgrades Failed

Do you have any idea about what's wrong with what I have entered?
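Added example, not part of any post in this thread: a non-interactive form of the certificate step that needs no terminal prompts, followed by a check that ca_cert.pem and ca_key.pem belong together before they are handed to the local server. The function names and the CN value 192.0.2.10 (standing in for the address the ESP32 connects to) are assumptions.

```shell
#!/bin/sh
# Added example; file names follow the thread, the CN value is a constructed placeholder.

# gen_ota_cert DIR CN: write DIR/ca_key.pem and DIR/ca_cert.pem without any prompt.
gen_ota_cert() {
    dir=$1
    cn=$2
    # -subj gives the subject on the command line and -nodes skips the key
    # passphrase, so openssl reads nothing from the terminal.
    # MSYS2_ARG_CONV_EXCL stops MSYS2 from rewriting "/CN=..." as a Windows path;
    # it has no effect on other platforms.
    MSYS2_ARG_CONV_EXCL='*' openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$cn" \
        -keyout "$dir/ca_key.pem" -out "$dir/ca_cert.pem" || return 1
    # The key is stored unencrypted, so restrict it to the current user.
    chmod 600 "$dir/ca_key.pem"
}

# pair_matches DIR: succeed only if the certificate carries the public key
# that belongs to the private key in the same directory.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1/ca_cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/ca_key.pem" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for DIR SECONDS: succeed if the certificate is still valid
# SECONDS from now (the thread's command issues it for 365 days).
cert_valid_for() {
    openssl x509 -in "$1/ca_cert.pem" -noout -checkend "$2" >/dev/null
}

# Usage: sh gen_ota_cert.sh <dir> <cn>
if [ $# -eq 2 ]; then
    gen_ota_cert "$1" "$2" && pair_matches "$1" && cert_valid_for "$1" 86400 \
        && echo "ca_cert.pem and ca_key.pem match and are valid for at least a day"
fi
```
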

Simon Leung
Posts: 10
Joined: Tue Jun 25, 2019 1:28 am

Re: Generate self-signed certificate and key in OTA.

Postby Simon Leung » Thu Sep 26, 2019 8:36 am

It is ok now if I use OpenSSL 1.0.2d.

tanghuanqiao
Posts: 6
Joined: Sun Sep 08, 2019 1:56 pm

Re: Generate self-signed certificate and key in OTA.

Postby tanghuanqiao » Wed Oct 30, 2019 2:31 pm

Simon Leung wrote:
Mon Sep 23, 2019 9:37 am
Hi filipESP:

I tried to use openssl 1.0.2. for both the certificate and the local server. When I run the simple_ota_example, there is an error message "esp-tls:Failed to connect to host (errno 113)".

If I use the openssl in mintty and type in
winpty openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes for the certificate
then
winpty openssl s_server -WWW -key ca_key.pem -cert ca_cert.pem -port 8070 for the local server

It seems the connection of ESP32 and the local server is ok and the bin file is downloaded without any problem. However there is an error message related to segment length and the firmware upgrades failed. Below is a capture of the message from the mintty platform.

I (3759) simple_ota_example: Connect to Wifi ! Start to Connect to Server....
I (5849) esp_https_ota: Starting OTA...
I (5849) esp_https_ota: Writing to partition subtype 16 at offset 0x110000
I (6049) esp_https_ota: esp_ota_begin succeeded
I (6049) esp_https_ota: Please Wait. This may take time
I (6059) esp_https_ota: Connection closed,all data received
I (6069) esp_image: segment 0: paddr=0x00110020 vaddr=0x3f400020 size=0x07518 ( 29976) map
E (6089) esp_image: invalid segment length 0xffffffff
E (6089) esp_https_ota: Error: esp_ota_end failed! err=0x5379. Image is invalid
E (6099) simple_ota_example: Firmware Upgrades Failed

Do you have any idea about what's wrong with what I have entered?

I have the same problem. How can you solve it?
