As the title says... Chat on...

User avatar
By GeoReb
#83990 Wow, SSL authentication is overwhelming! :shock:

I am using NodeMCU to connect to a Microsoft Azure IoT Hub securely using the MQTT protocol.

Microsoft offer the ability to authorise clients using self-signed X.509 certificates.

This is explained in detail here:

I have followed the example that Microsoft Azure give, using OpenSSL to generate my self-signed X.509 certificates.

I try the example Python script to test the connection as a client, using my new certs and this works very well. So I know that the process has been a success, as it is tested and working and I am able to publish and subscribe to my IoT Hub.

In order to get the NodeMCU device connecting as a client to the IoT Hub, I need to load a certificate for authentication. NodeMCU provides the facility to load a single CA Certificate (in PEM format) into the operating system.

This is documented here:

The question is, which certificate should I use?

The encouraging news is that NodeMCU recognises the certificates as X.509 certs but fails on the verification. So this leads me to believe that I have the incorrect cert loaded...

Certificate verification failed, e.g. CRL, CA or signature check failed.

I have tried a handful of combinations from the OpenSSL output, but none appear to result in a successful handshake. I am poking and hoping at this stage and could do with some input from someone who knows their stuff.
User avatar
By marcelstoer
#83991 Are you maybe mixing things up? tls.cert.verify() expects a server certificate to which the chain presented by the server during handshake is compared (see docs for the 'pemdata' parameter). To my knowledge NodeMCU doesn't support mutual TLS with client certificates.
User avatar
By GeoReb
#84005 @marcelstoer

Yes, I can see that from the docs, it allows a CA cert...
However, the Microsoft docs ( says that is exactly what I should be using...

To authenticate your X.509 device, you need to first sign the device with the CA certificate.