- Tue Oct 01, 2019 10:16 am
#83990
Wow, SSL authentication is overwhelming! 
I am using NodeMCU to connect to a Microsoft Azure IoT Hub securely using the MQTT protocol.
Microsoft offer the ability to authorise clients using self-signed X.509 certificates.
This is explained in detail here: https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-security-x509-get-started
I have followed the example that Microsoft Azure give, using OpenSSL to generate my self-signed X.509 certificates.
I try the example Python script to test the connection as a client, using my new certs and this works very well. So I know that the process has been a success, as it is tested and working and I am able to publish and subscribe to my IoT Hub.
In order to get the NodeMCU device connecting as a client to the IoT Hub, I need to load a certificate for authentication. NodeMCU provides the facility to load a single CA Certificate (in PEM format) into the operating system.
This is documented here: https://nodemcu.readthedocs.io/en/master/modules/tls/#tlscertverify
The question is, which certificate should I use?
The encouraging news is that NodeMCU recognises the certificates as X.509 certs but fails on the verification. So this leads me to believe that I have the incorrect cert loaded...
I have tried a handful of combinations from the OpenSSL output, but none appear to result in a successful handshake. I am poking and hoping at this stage and could do with some input from someone who knows their stuff.
I am using NodeMCU to connect to a Microsoft Azure IoT Hub securely using the MQTT protocol.
Microsoft offer the ability to authorise clients using self-signed X.509 certificates.
This is explained in detail here: https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-security-x509-get-started
I have followed the example that Microsoft Azure give, using OpenSSL to generate my self-signed X.509 certificates.
I try the example Python script to test the connection as a client, using my new certs and this works very well. So I know that the process has been a success, as it is tested and working and I am able to publish and subscribe to my IoT Hub.
In order to get the NodeMCU device connecting as a client to the IoT Hub, I need to load a certificate for authentication. NodeMCU provides the facility to load a single CA Certificate (in PEM format) into the operating system.
This is documented here: https://nodemcu.readthedocs.io/en/master/modules/tls/#tlscertverify
The question is, which certificate should I use?
The encouraging news is that NodeMCU recognises the certificates as X.509 certs but fails on the verification. So this leads me to believe that I have the incorrect cert loaded...
-0x2700 MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
Certificate verification failed, e.g. CRL, CA or signature check failed.
I have tried a handful of combinations from the OpenSSL output, but none appear to result in a successful handshake. I am poking and hoping at this stage and could do with some input from someone who knows their stuff.
