Root certificates work for port 443, but not for port 8883 (MQTTS) #71
Comments
tbobek
changed the title
|
Not sure, but possibly an issue with SNI? Try using the setInsecure API to see if it solves your problem, then fix the underlying SNI issue. |
|
Hi @ffontaine, you need to create your own TAs starting from the mosquitto.org certificate using the |
|
For future reference: The full command is something like: brssl ta my_tas_and_certs.pem > MyTAs.hThen, add #include "MyTAs.h"
WiFiClient client;
BearSSLClient sslClient(client, TAs, TAs_NUM); |
|
Same experience. I used ESP32S3 and SIM7670G and Azure iot hub. Bearssl works fine with port 443 towards to vsh.pp.ua:443 but when I tried to azure dps mqtts server with 8883 port, it does not work. returning -2 error(server connection error). It should work because Azure server is using Digicert Root G2 so there shouldn't be an issue. Therefore, I tried different SSL support from TinyGSM with SIMCOM A767X and it also has Digicert Root G2 and it works perfect. It seems ArduinoBearSSL mqtts support is not working over GSM client |
uploading root certificate of
www.google.com:443on an Arduino MKR Wifi 1010 and connecting afterwards to it with the exampleWifiSSLClientworks perfectly.But all my trials to connect via port 8883 TLS encrypted with a ca_certificate failed. I tried a local MQTTS-Broker and also the test.mosquitto.org broker. Uploading certificates onto the board for the domains
finished with no errors, but the connection fails. It shows a
-2error code when asking withMqttClient.connectError()for it. TheMqttClientobject is derived fromBearSSLClient.I also posted this issue in the arduino.cc forum:
https://forum.arduino.cc/t/mqtts-with-arduino-mkr-wifi-1010/1094414
The text was updated successfully, but these errors were encountered: