Other Parts Discussed in Thread: CC3200
Hello everyone,
I'm facing a strange issue with a self signed certificate used by the mqtt client SSL connection, I generate a certificate that expires after 50 years, but one month after the certificate creation, the device returns the code -461 (connected with certificate date verification error) on connection. During the previous month I didn't have any issue on mqtt client connections.
I've followed the guide in the SDK documentation "CC32xx Serial Wifi.pdf" where I added the -days option when generating CA file, here my openssl commands to generate the certificate:
# Generate a CA certificate valid for 50 years: $ openssl req -out CAroot.pem -new -x509 -days 18250 # this command create CAroot.pem and privkey.pem files. # Generate server certificate/key pair: $ openssl genrsa -out server.key 1024 $ openssl req -key server.key -new -out server.req -days 18250 $ echo 00 > file.srl $ openssl x509 -req -in server.req -CA CAroot.pem -CAkey privkey.pem -CAserial file.srl -out server.pem # these commands create server.key and server.pem files # Translate CA certificate to DER format (to be read from the device): $ openssl x509 -in CAroot.pem -inform PEM -out CAroot.der -outform DER
Then I flash the /crt/CAroot.der file on the CC3200, my mqtt client configuration is the following:
char *security_file_list[] = {"/crt/CAroot.der"};
SlMqttClientCtxCfg_t broker_config =
{
{
SL_MQTT_NETCONN_SEC,
"192.168.1.120",
8884,
SL_SO_SEC_METHOD_TLSV1_2,
SL_SEC_MASK_TLS_RSA_WITH_AES_256_CBC_SHA,
1,
security_file_list
},
SERVER_MODE,
true,
};
I also tried with 90 days, but configuring a date farther than 30 days from today on the server and the device, the -461 error will be returned by the sl_Connect() function.
Am I doing something wrong?
Is there any configuration that I'm missing?
Thanks.
Regards,
Rosario
