Hi,
I intend to make an hostless mqtt application with QCA4010 which will connect to an mqtt broker that require certifications.
In the qcom_mqtt_connect function, the parameter: MqttConnectParams has the fields for rootCA, private key, and certificates files location.
My question is how can I put my certificates into the file in my application? Basically, I have the byte array of the certificates in pem-encoded.
I didn't find any document that describes about the file mechanism in QCA4010.
Hi ,
There are at least two certification files required A. the server sent certificate B. The root CA certificate of the CA . You can directly add the HEX value (byte array) in to your code using MqttConnectParams. Means hard code those value in Array and assigned to specfic MqttConnectParams members.
Hi,
Thanks for your reply. But due to the definition of the MQTTConnectParams as below:
I saw that the members for the pRootCALocation, pDeviceCertLocation, pPrivatekeyLocation cert are the location of the files that hold the certs and key. Can I directly pass the address of the arrays to those member or I have to use qcom_SSL_storeCert to save those certs and key to flash before using in MQTTConnectParams?
I do have the pem-encoded certificates and privatekey with me? Do I have to use sharkSSLParseCert.exe to convert it to bin file before getting the array?
I have done with openSSL before and in that case I only provided the certs as below array:
Hi ,
Yes. Right. You need to use sharkSSLParseCert.exe to convert it to bin file before getting the array
Hi jbhanu,
Thanks for your reply.
So I resume the process as below:
1. Get the root CA, certificate and private key.
2. Using sharkSSLParseCert.exe to get the bin files.
3. Using arrays to store the bin file contents.
4. Pass the address of the array to the MQTTConnectParams:
MQTTConnectParams.pRootCALocation = rootCAarray;
MQTTConnectParams.pDeviceCertLocation = deviceCertArray;
MQTTConnectParams.pPrivateKeyLocation = devicePrivateKeyArray;
Can you help to confirm the process?
Hi ,
Yes . You just need to convert your .pem format cert to sharkssl format like below and assign generated array to MQTTConnectParams.pDeviceCertLocation
./ SharkSSLParseCert <certificate> <privatekeyfile>
Like that same is applicable for root CA.
$ ./SharkSSLParseCAList <root-CA.crt>
Just pass MQTTConnectParams.pPrivateKeyLocation = NULL, as alerdy used by SharkSSLParseCert.exe.
Hope it helps.
Hi ,
Yes . You just need to convert your .pem format cert to sharkssl format like below and assign generated array to MQTTConnectParams.pDeviceCertLocation
./ SharkSSLParseCert <certificate> <privatekeyfile>
Like that same is applicable for root CA.
$ ./SharkSSLParseCAList <root-CA.crt>
Just pass MQTTConnectParams.pPrivateKeyLocation = NULL, as alerdy used by SharkSSLParseCert.exe.
Hope it helps.
Hi,
I finally use can work with an SSL supported MQTT broker in my local network.
For the RootCa and Cert, use SharkSSL to parse the cert plus private key and RootCA.
After that, you will need to use qcom_SSL_storeCert to store the cert into file and provide that file name to MQTT param.
That worked well for me.
Good news. You can use the same procedure for any remote broker too. If any further doubt/query , please kindly let us know .
Thanks