MQTTS Custom CERTs

RE: MQTTS Custom CERTs

LalithRJ — Mon, 04 Dec 2023 11:05:47 GMT

Hi Simonr! I was able to provision the tls certificates using the tls_credential_add().

Thanks,

Lalith RJ

RE: MQTTS Custom CERTs

LalithRJ — Fri, 24 Nov 2023 14:49:41 GMT

Hi,

Thanks Simon, I'll work on it and once I get a success state I'll Update!

RE: MQTTS Custom CERTs

Simonr — Fri, 24 Nov 2023 12:17:49 GMT

Is there a specific reason you want to get the MQTTS certificates from NVS instead of automatically?

If you want to do this manually, you can "borrow" the certificates_provision() function from the mqtt_helper.c and use that to find another way to get the certificates.

Alternatively you can "invent the wheel" yourself, by creating a function where you load certificates into a buffer, then call tls_credential_add to put use your credentials.

We don't have an exact way to get them manually, so you'll need to do some tweaking on your end.

Best regards,

Simon

RE: MQTTS Custom CERTs

LalithRJ — Thu, 23 Nov 2023 04:23:50 GMT

Hi Simon,

[quote userid="125155" url="~/f/nordic-q-a/105898/mqtts-custom-certs"]1. In nrf7002DK overlay.conf, the certificate credentials are automatically provisioned, but I would want to read the credentials from a different location.[/quote]

I meant the MQTTS certificates (ca certificate, client certificate and private certificate), I want to statically put the contents of the certs in the code instead of it automatically taking from a location.

I want to do something like this,
const char *certificateContent = "-----BEGIN CERTIFICATE-----\n" /**CONTENTS**/ "-----END CERTIFICATE-----";

What I observe is, I have the certificate Contents stored in a memory(NVS) but in the sample the certificate is provisioned in the the mqtt_helper.c where I am not able to put my nvs contents!! I dont feel editing the library files.

Do we have a way to do achieve what I need.

Let me know if you have any doubts in the question and Kindly respond in the earliest.

Kind Regards,

Lalith RJ

RE: MQTTS Custom CERTs

Simonr — Wed, 22 Nov 2023 09:14:25 GMT

1. I assume you're referring to the wifi credentials here, right? The wifi credentials library have an option to use the PSA storage instead of the settings backend I believe is the default.

2. In terms of sockets there shouldn't be an issue setting up both MQTT and MQTTS (with and without TLS). But the sample is somewhat static and you would need to implement this yourself if you want to enable/disable TLS in runtime. You can't change the .conf file itself but it's possible to enable and disable the TLS library and functions if you'd like.

Best regards,

Simon