MQTTS Custom CERTs

Hi,

I have been working with the nrf7002DK, I have a situation:

I have properly implemented Wi-Fi STA and MQTT over TLS. I want to update a few things and would need your support.

1. In nrf7002DK overlay.conf, the certificate credentials are automatically provisioned, but I would want to read the credentials from a different location.

2. I want to enable and disable the TLS support during run time, i.e., is it possible to edit/configure the .conf file from the source.c file?

Kindly respond at the earliest.

Kind Regards,

Lalith RJ

  • Hi

    1. I assume you're referring to the Wi-Fi credentials here, right? The Wi-Fi credentials library has an option to use the PSA storage instead of the settings backend, which I believe is the default.

    2. In terms of sockets there shouldn't be an issue setting up both MQTT and MQTTS (with and without TLS). But the sample is somewhat static and you would need to implement this yourself if you want to enable/disable TLS in runtime. You can't change the .conf file itself but it's possible to enable and disable the TLS library and functions if you'd like.

    Best regards,

    Simon

  • Hi Simon,

    1. In nrf7002DK overlay.conf, the certificate credentials are automatically provisioned, but I would want to read the credentials from a different location.

    I meant the MQTTS certificates (ca certificate, client certificate and private certificate), I want to statically put the contents of the certs in the code instead of it automatically taking from a location.

    I want to do something like this,
    const char *certificateContent = "-----BEGIN CERTIFICATE-----\n" /**CONTENTS**/ "-----END CERTIFICATE-----";

    What I observe is, I have the certificate contents stored in a memory (NVS), but in the sample the certificate is provisioned in the mqtt_helper.c, where I am not able to put my NVS contents!! I don't feel like editing the library files.

    Do we have a way to achieve what I need?

    Let me know if you have any doubts in the question and kindly respond at the earliest.

    Kind Regards,

    Lalith RJ

  • Hi

    Is there a specific reason you want to get the MQTTS certificates from NVS instead of automatically? 

    If you want to do this manually, you can "borrow" the certificates_provision() function from the mqtt_helper.c and use that to find another way to get the certificates. 

    Alternatively, you can "invent the wheel" yourself, by creating a function where you load certificates into a buffer, then call tls_credential_add to put your credentials to use.

    We don't have an exact way to get them manually, so you'll need to do some tweaking on your end.

    Best regards,

    Simon
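One way to do the second approach described above (load a certificate into a buffer, then call tls_credential_add), as an added example that is not code from the thread or from the Nordic sample. `provision_pem` and `APP_SEC_TAG` are hypothetical names, and the `#else` branch is a host-only stand-in so the file also builds off-target.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#ifdef __ZEPHYR__
#include <zephyr/net/tls_credentials.h>
#else
/* Host-only stand-in so the example builds off-target; on the device the
 * real tls_credential_add() from Zephyr is used instead. */
typedef int sec_tag_t;
enum tls_credential_type { TLS_CREDENTIAL_NONE, TLS_CREDENTIAL_CA_CERTIFICATE,
			   TLS_CREDENTIAL_SERVER_CERTIFICATE, TLS_CREDENTIAL_PRIVATE_KEY };
static size_t stub_last_len;
static int tls_credential_add(sec_tag_t tag, enum tls_credential_type type,
			      const void *cred, size_t credlen)
{
	(void)tag; (void)type; (void)cred;
	stub_last_len = credlen;
	return 0;
}
#endif

#define APP_SEC_TAG 42 /* hypothetical tag; must match the tag given to the MQTT client */

/* Register one PEM credential held in a caller-owned buffer (for example one
 * filled from NVS). Keep the buffer valid after the call: the default
 * credential backend stores the pointer and does not copy the data. */
int provision_pem(sec_tag_t tag, enum tls_credential_type type,
		  const char *buf, size_t buf_size)
{
	if (buf == NULL || buf_size == 0) {
		return -EINVAL;
	}
	/* Find the terminator inside the buffer; never read past buf_size. */
	const char *nul = memchr(buf, '\0', buf_size);
	if (nul == NULL) {
		return -EINVAL; /* truncated or unterminated read from storage */
	}
	if (strncmp(buf, "-----BEGIN ", 11) != 0) {
		return -EINVAL; /* not PEM, e.g. erased flash or wrong record */
	}
	/* Mbed TLS expects the PEM length to include the terminating NUL. */
	size_t len = (size_t)(nul - buf) + 1;
	/* -EEXIST from the call means this tag/type pair is already registered. */
	return tls_credential_add(tag, type, buf, len);
}
```

Call it once per credential (CA certificate, client certificate, private key) with the same security tag before the MQTT client connects.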

  • Hi,

    Thanks Simon, I'll work on it and once I get a success state I'll update!

  • Hi Simonr! I was able to provision the TLS certificates using the tls_credential_add().

    Thanks,

    Lalith RJ
