Using own self-signed (OpenSSL) CA certificates in ESP32

[nastiliano]

Hello everyone.

Finally, after weeks reading a lot, I'm using MQTT with my own server/broker (Mosquitto) with my own self-signed not verified CA certificates.

In python (with paho) is working fine, but in micropython using "mqtt.robust2", doesn't accept unverified CA certificates.

Is there some solution for that?

The console error is clear:

"The certificate is not correctly signed by the trusted CA"

And the same in my "Mosquitto" .log file:

"OpenSSL Error[0]: error:0A000418:SSL routines::tlsv1 alert unknown ca"

Could you help me plese?

Thank you very much

[Carglglz]

This https://github.com/orgs/micropython/discussions/10559, https://github.com/JustinS-B/Mosquitto_CA_and_Certs should help you 👍🏼

[nastiliano]

Hello.

Uuuuuuooow... this seems great.

If I understood, simply I have to execute "ca_maker" and "client_maker" in my Linux to obtain my "Mosquitto" server CA and my CA as a client to obtain the correct formatted certificates? (and follow the same @JustinS-B configutarion to my ESP32 device?)

I'll try today or tomorrow.

Thanks!!

[JustinS-B]

@nastiliano I would also strongly advise actually reading "ca_maker" and "client_maker", as there are a couple of User Defined Variables in each file that customise things to your setup - plus, both files are heavily commented so they will tell you what they are going to do & often why they are doing it.

[nastiliano]

OMG!!! It works!! :)

After more than a month it's my first time I can connect my ESP32 device with MQTT + TLS !!

Thanks, thanks a lot to everybody.
Best regards.

PD: I think your scripts and your work it would be more accessible in a tagged post or official documentation. It's a shame that the official MQTT documentation is so poor and so dispersed.