This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Provision certificates from the certificates.h is not setting the #define

I have just switched from SDK version 1.0.0 to SDK 1.1.0 and I am using the MQTT FOTA example

I had the example project working when I was using v1.0.0 of the SDK

I have checked "Provision certificates from the certificates.h file" and clicked the configure button

but in main.c the define at line 28 has not been set so the certificates .h file is not included.

I notice that the name of the define in the menu settings is <PROVISION_CERTIFICATES>

and in the code on line 28 it is CONFIG_PROVISION_CERTIFICATES

Parents
  • Hi.

     

    I notice that the name of the define in the menu settings is <PROVISION_CERTIFICATES>

    and in the code on line 28 it is CONFIG_PROVISION_CERTIFICATES

     Yes, this is correct. A Kconfig option will generate the #define CONFIG_<name of option>.

     

    I have checked "Provision certificates from the certificates.h file" and clicked the configure button

    but in main.c the define at line 28 has not been set so the certificates .h file is not included.

     What do you mean by that. Did it not change color?

    Did you build the project again after applying the settings?

    Or did you empty the build directory?

    If you place a #error inside the #ifdef, does it still compile?

    Best regards,

    Didrik

  • certificates.h file is It is still grayed out

    I did a rebuild (which should do a clean and build) still no change

    However, when I put random text inside the ifdef then I get a compile error. 

    So it is just a type of display problem and not actually leaving out the certificates.h

  • The issue has been reported internally, and we'll bring this up with Segger.

    As you say, the problem is only with Embedded Studio not detecting the configuration. Your application will work as expected.

    Best regards,

    Didrik

  • Actually this is still an issue and now it is of much higher priority.

    It seems as though my board is using the certificates that I had to set using the AT Client software and my certificates that had been converted to JSON format a few months ago. Follow this thread and you will see where Martin had sent me a file containing my certificates converted to JSON format

    https://devzone.nordicsemi.com/support/233736

    I believe that I have the latest Modem firmware in my board.

    When I try to use new certificates from AWS in certificates.h I get a -45 error when I try to connect to AWS. So it seems that the default certificates are not getting overwritten at run time. 

  • Just confirmed that Modem firmware version is 1.1.1 by running %SHORTSWVER command

Reply Children
  • Also here is the Terminal trace window from startup. I see the delete inbuilt keys have a result code of zero. Is that ok?

  • hmichel said:
    I see the delete inbuilt keys have a result code of zero. Is that ok?

     Yes, that means that it was successfully able to delete the certificates.

     

    hmichel said:
    When I try to use new certificates from AWS in certificates.h I get a -45 error when I try to connect to AWS. So it seems that the default certificates are not getting overwritten at run time. 

     What sec_tag are you providing to the socket?

    And is that sec_tag dependent on some configuration options?

  • This is what I found for searching the source code for CLOUD_CERT_SEC_TAG

    And this is what I found in the nrf Connect Project Settings 

  • I have a conditional compile in certificates.h that allows me to pick from 3 different certificate sets that I created for AWS things. If I build the project with the original certificate set of the 3 then the device connects to AWS IoT. But I need to support different certificate sets for each device that will be deployed

  • So if I understand you correctly, you have a certificates.h file that looks something like this:

    Fullscreen
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    // file: certificates.h
    #define CERT_A \
    "-----BEGIN CERTIFICATE-----\n"\
    "aaaaaaaaaaaaaaaaaaaaaaaaaaa\n"\
    "-----End CERTIFICATE-----\n"
    #define CERT_B \
    "-----BEGIN CERTIFICATE-----\n"\
    "bbbbbbbbbbbbbbbbbbbbbbbbbbb\n"\
    "-----End CERTIFICATE-----\n"
    #define CERT_C \
    "-----BEGIN CERTIFICATE-----\n"\
    "cccccccccccccccccccccccccccc\n"\
    "-----End CERTIFICATE-----\n"
    #define CERT_TO_BE_USED CERT_A
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    And then you write CERT_TO_BE_USED to the modem?