0

I am trying to connect to the HiveMQ broker using ESP32, a SIM7020 NB-IoT module and the library Magellan_SIM7020E found at:https://github.com/AIS-DeviceInnovation/Magellan_SIM7020E.

It requires an SSL certificate to be pasted in a header file with this format (here abbreviated), where the lines of XXXXXX are to be replaced with the characters of the certificate:

/= Certificate Authority info =/ /= CA Cert in PEM format =/

const char rootCA[] = {"-----BEGIN CERTIFICATE-----" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ... ... "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXXXXXXXXXXXXXX" "-----END CERTIFICATE-----"};

const char clientCA[] = {"-----BEGIN CERTIFICATE-----" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ... ... "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXX" "-----END CERTIFICATE-----"};

const char clientPrivateKey[] = {"-----BEGIN RSA PRIVATE KEY-----" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" ... ... "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" "-----END RSA PRIVATE KEY-----"};

I managed to work with the free service with this setup (using the non SSL client in the library) but the I am failing with the SSL version used to access the paid broker. By free service I mean broker.hivemq.com and by paid I mean xxxxxxx.s2.eu.hivemq.cloud.

I tried to use the certificate indicated in the FAQ (https://community.hivemq.com/t/frequently-asked-questions/514) which gives me a file called isrgrootx1.pem but it has a different format. I tried cutting the .pem into sections with length that match each of the three entries required in the header file but the total length does not match.

The downloaded .pem file has a single block of 1856 characters whereas the ESP32 seems to need three blocks for root, client and client private with lengths of 1116, 1232 and 1592 respectively, adding up to much more than the PEM file length.

Is this the right file?
If so, how do I convert it to the format that I need?
If not, where from can I get the certificate?

I tried to follow a previous answer (Can't connect ESP32 to MQTT). That is for WiFi, not NB-IoT but it seems to require a similar format for the certificate. It is suggeseted to install and use OpenSSL but I can't figure out how to install it and I don't even know if it would actually do what I need if I did manage to install it.

As an alternative is there any way I can access the paid broker without SSL as I don't really need that level of security and it is an added complication, especially with regard to keeping the certificates up to date.

Christian
  • 187
  • 5
  • I have managed to install openssl and get the certificate for HiveMQ but still the format doe not match. It does produce three blocks of characters which superficially appears like what I need but they don;t seems to be the same thing as in the header file they are described as rootCA, ClientCA and clientPrivateKey which does not seem at all to what is being produced by the openssl command. I tried pasting them anyway, despite the different length but it didn;t help. I still keep getting the response: --Please check your server/port/Certificates again. – Christian Dec 04 '22 at 15:27

0 Answers0