CC3200: Steps to create CA certificates for CC3200 for MQTT secure connection

Hi,

Are you running the HiveMQ broker yourself on your own server, or are you relying on an external cloud provider to run the broker?
The only certificate key pair that you need is the server certificate and key. Certificates and keys can be used on the CC3200 to enable client authentication, but that is not necessary.

To generate the server certificates needed, you can use OpenSSL. With OpenSSL, you can create your own RSA cert + key pair, and then provide that to your HiveMQ server to use. Once you have created this self-signed certificate, you can provide it to the CC3200 to use for server verification.

Alternatively, you could use OpenSSL to generate a certificate signing request (CSR) + key, and provide the CSR to a well-known and trusted root CA authority to sign. This will create a chain of trust linking your certificate and is considered more secure, as a client connecting to your server can verify the authenticity of the certificate.

A good resource you can use to understand certificates and CSRs is the SimpleLink Wi-Fi certificate handling guide:
www.ti.com/.../swpu332.pdf
It was written for the CC3220, but much of the information about TLS/SSL certificates still apply.

For a step-by-step guide on how to use OpenSSL to generate the certificates and keys for your server, you can look at this site:
www.devdungeon.com/.../creating-self-signed-ssl-certificates-openssl
The steps in the "Single command to generate a key and certificate" will get you what you need. Do remember you will need to convert the PEM formatted PEM certificate to DER format before you can use it with the CC3200.

Finally, to provide those certs to your MQTT server, you would follow the HiveMQ documentation here:
www.hivemq.com/.../listeners.html

Let me know if you need further clarification on certificates, or if you have further questions.

Regards,
Michael