How to enable TLS on MQTT client?

Hi, all.

I'm making an MQTT client with the nRF52832.

All the examples in SDK 14.2 were using PSK security.

But I want a more secure connection, such as MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA or MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.

Q1: How do I generate the private key, private certificate and CA certificate?

I used openssl on my Linux PC for that, but it doesn't seem to work.

Q2: How do I include PEM-formatted key files in the nrf_tls_certificate_t structure?

Comments in the code say "PEM format" is required.

So, I converted the key file as shown below. Is this the right thing?

-----BEGIN RSA PRIVATE KEY-----

MIICXAIBAAKBgQC.....................

===>

static const uint8_t private_crt[] = {

0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45.......

};

Q3: Can p_ca_cert_pem be NULL?

Is a CA certificate required to make a secured connection?

  • I found a solution myself and am sharing it for you guys.

    You should use the key and certificate strings as shown below. (I masked part of the key value.)

    static const char private_crt[] = "-----BEGIN CERTIFICATE-----\n"
    "MIICATCCAWoCCQCtv.................................................\n"
    "VTETMBEGA1UECAwK.................................................\n"
    "cyBQdHkgTHRkMB4XD.................................................\n"
    "A1UEBhMCQVUxEzAR.................................................\n"
    "IFdpZGdpdHMgUHR5IE.................................................\n"
    "2a0+/m8/tPC3hAMQq.................................................\n"
    "JQLqrTRvBUUcNQVw.................................................\n"
    "iLh0JEJgFR2Ka8JsfG.................................................\n"
    "AAOBgQAovS3rWhQV.................................................\n"
    "4pY6KXdPOC1nma+6f.................................................\n"
    "qIjDaK3oVYb3SX3E81.................................................\n"
    "-----END CERTIFICATE-----\n";

    And the length should be set to one more than the strlen() result.

    In this case the strlen() result is 757, but you should set .certificate_len to 758 in the nrf_tls_certificate_t structure.
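An added example, not part of the original post or of the Nordic SDK: a pre-flight check for the buffer and length pair discussed above, reflecting that mbed TLS's PEM parsers expect the length to count the terminating NUL (which is what `sizeof` on a string literal gives). The helper `pem_check`, its result codes and the sample data are hypothetical names and constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed placeholder, not a real certificate: only the PEM framing matters. */
static const char sample_pem[] =
    "-----BEGIN CERTIFICATE-----\n"
    "Q09OU1RSVUNURUQgUExBQ0VIT0xERVIgQk9EWQ==\n"
    "-----END CERTIFICATE-----\n";

/* The header written as a hex array, as in the question: no trailing 0x00. */
static const uint8_t sample_hex[] = {
    0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20 };

typedef enum {
    PEM_OK = 0, PEM_EMPTY, PEM_NOT_TERMINATED,
    PEM_EMBEDDED_NUL, PEM_NO_HEADER, PEM_NO_FOOTER
} pem_check_t;

/* Hypothetical helper: validate (buf, len) before it goes into the TLS
 * configuration. len must include the terminating NUL byte. */
pem_check_t pem_check(const void *buf, size_t len)
{
    const char *p = (const char *)buf;

    if (p == NULL || len < 2)
        return PEM_EMPTY;
    if (p[len - 1] != '\0')               /* strlen() passed, or a raw hex array */
        return PEM_NOT_TERMINATED;
    if (memchr(p, '\0', len - 1) != NULL) /* length is larger than the string */
        return PEM_EMBEDDED_NUL;
    if (strncmp(p, "-----BEGIN ", 11) != 0)
        return PEM_NO_HEADER;
    if (strstr(p, "\n-----END ") == NULL) /* footer must start its own line */
        return PEM_NO_FOOTER;
    return PEM_OK;
}

int main(void)
{
    /* sizeof on the array counts the NUL, so it equals strlen() + 1. */
    if (pem_check(sample_pem, sizeof(sample_pem)) != PEM_OK)
        return 1;
    if (pem_check(sample_hex, sizeof(sample_hex)) != PEM_NOT_TERMINATED)
        return 1;
    return 0;
}
```

Using `sizeof(private_crt)` for the length field avoids the hand-counted `strlen() + 1` value going stale when the certificate is replaced.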
