IoT: ESP32 using an SSL/TLS certificate to connect to an MQTT broker (Part 2)

Rodolphe Beloncle
3 min readMar 23, 2023


If you want to follow from the beginning check this link (Part 1)

Overview

This article shows how to use MQTT over TLS on the ESP32 to publish messages over an encrypted connection and subscribe to topics.

We’ll use the Mosquitto broker installed on the same Raspberry Pi 3. The broker receives all messages, filters them, decides which clients are interested in each one, and delivers it to all subscribed clients.

Prerequisites

Here’s the full code:

#include "WiFiClientSecure.h"
#include <PubSubClient.h>
#include "credentials.h"

// WiFi credentials
// NOTE(review): these secrets are compiled into the firmware. Keep them in
// credentials.h (next to the certificates) and out of version control.
const char* ssid = "<name of your wifi router>";
const char* password = "<wifi password>";

// MQTT Broker credentials
// With setCACert() enabled below, the TLS library also checks the name the
// broker's certificate was issued to against this string, so it must match
// the broker certificate's CN/SAN — TODO confirm the exact matching rules for
// IP-address hostnames in your ESP32 core version.
const char* mqtt_broker = "<IP ADRESS OF THE BROKER>";
const char* topic = "test";
const int mqtt_port = 8883 ;   // MQTT over TLS (plain MQTT is 1883)

// Set ssl certificate
// root_ca: the CA that signed the broker's certificate; passed to setCACert().
// server_cert/server_key: despite the names, these are passed to
// setCertificate()/setPrivateKey() in setup(), so they are the identity THIS
// device presents to the broker (mutual TLS). Issue a separate client
// certificate for each device; never reuse the broker's own key here —
// anyone who dumps the flash would obtain it.
const char* root_ca = CA_CRT;
const char* server_cert = SERVER_CERT;
const char* server_key = SERVER_KEY;

// WiFiClient espClient;   // plaintext client, kept for reference only
WiFiClientSecure espClient;   // TLS client that PubSubClient sends over
PubSubClient client(espClient);

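// How often loop() publishes, and how finely that wait is sliced so the MQTT
// session keeps being serviced in between.
static const unsigned long kPublishIntervalMs = 10000;
static const unsigned long kLoopSliceMs = 100;

// Handles every message PubSubClient delivers for the subscribed topic(s):
// prints the topic and the raw payload bytes to the serial console.
// `payload` is not NUL-terminated, so it is printed byte by byte up to
// `length` rather than treated as a C string.
void callback(char* topic, byte* payload, unsigned int length) {
  Serial.print("Message arrived in topic: ");
  Serial.println(topic);
  Serial.print("Message:");
  // `length` is unsigned; an unsigned index avoids a signed/unsigned comparison.
  for (unsigned int i = 0; i < length; i++) {
    Serial.print((char)payload[i]);
  }
  Serial.println();
  Serial.println("-----------------------");
}

// One connection attempt to the broker. Returns true when the session is up.
// The TLS handshake (CA verification + presenting our client certificate)
// happens inside client.connect() through the WiFiClientSecure configured
// in setup(). On success the topic is (re)subscribed, because PubSubClient
// connects with a clean session, so subscriptions do not survive a reconnect.
static bool connectToBroker() {
  // The client ID must be unique per broker; the MAC address makes it so.
  String client_id = "esp32-client";
  client_id += String(WiFi.macAddress());
  Serial.printf("The client %s connects to the MQTT broker over TLS\n", client_id.c_str());
  if (client.connect(client_id.c_str())) {
    Serial.println("MQTT broker connected (TLS)");
    client.subscribe(topic);
    return true;
  }
  // client.state() is the PubSubClient/TLS error code (negative = transport
  // failure, e.g. a rejected certificate; positive = broker refused CONNECT).
  Serial.print("failed with state ");
  Serial.println(client.state());
  return false;
}

// Joins the WiFi network, configures TLS, connects to the broker and sends
// a greeting. Blocks until both WiFi and the MQTT session are up.
void setup() {
  // Set serial baud to 115200
  Serial.begin(115200);

  WiFi.begin(ssid, password);
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.println("Connecting to WiFi..");
  }
  Serial.println("Connected to the WiFi network");

  // TLS setup. setCACert() is what turns on verification of the broker's
  // certificate against root_ca — without it WiFiClientSecure would accept
  // any certificate and the "encrypted" channel could be intercepted.
  // The certificate/key pair is the identity this device presents when the
  // broker requires client certificates (mutual TLS).
  espClient.setCACert(root_ca);
  espClient.setCertificate(server_cert);
  espClient.setPrivateKey(server_key);

  client.setServer(mqtt_broker, mqtt_port);
  client.setCallback(callback);

  // Block until the first session is up, pausing between attempts so the
  // broker is not hammered with failing TLS handshakes.
  while (!connectToBroker()) {
    delay(2000);
  }
  client.publish(topic, "Hi I'm ESP32 ^^");
}

// Publishes a message every kPublishIntervalMs, servicing the MQTT session
// in between and re-establishing it if the broker dropped us.
void loop() {
  // Recover from a dropped session instead of publishing into the void.
  if (!client.connected()) {
    if (!connectToBroker()) {
      delay(2000);
      return;
    }
  }

  client.publish(topic, "message sent from the esp32 to MQTT BROKER encrypted");

  // Wait for the next publish, but keep calling client.loop(): it delivers
  // incoming messages to callback() and answers keepalive pings (default
  // 15 s). A single blocking delay(10000) would leave both unserviced.
  for (unsigned long slice = 0; slice < kPublishIntervalMs / kLoopSliceMs; ++slice) {
    client.loop();
    delay(kLoopSliceMs);
  }
}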

To supply the TLS certificates, create a credentials.h file next to the sketch. It holds secrets, so keep it out of version control.

At the end it should look like this (the values below are examples — generate your own):

// Root CA certificate: the trust anchor passed to WiFiClientSecure::setCACert().
// It must be the CA's own certificate (not the broker's); the broker's
// certificate, and apparently the device certificate below, are issued by it.
// Public material, safe to embed — but this example CA has been published,
// so generate your own rather than reusing it.
#define CA_CRT                                                           \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDVzCCAj+gAwIBAgIUIwOnfZCxwCKrQXHpbI0rVksEcaMwDQYJKoZIhvcNAQEL\n" \
"BQAwOzELMAkGA1UEBhMCSU4xDDAKBgNVBAoMA0lPVDEPMA0GA1UECwwGY2xpZW50\n" \
"MQ0wCwYDVQQDDAR0ZXN0MB4XDTIzMDMyMjEzNDIwNFoXDTI4MDMyODEzNDIwNFow\n" \
"OzELMAkGA1UEBhMCSU4xDDAKBgNVBAoMA0lPVDEPMA0GA1UECwwGY2xpZW50MQ0w\n" \
"CwYDVQQDDAR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw019\n" \
"nD5LRamjn/QJR2J3XR4M8s01os6XyCtMsDHzSTn2U4RZEker2Irn3b7DBHYMiwql\n" \
"nDyulhs0Xz7y1a1tjnmN2aUBPrwcXx16ecEAVzbkb5QF0SONf1xHFOILIhyNRm8u\n" \
"tuiymt6/5muJABenn5d34yI3Cu+2Mei5RJLB4e3v/574VD5JpxrGl2bJaszQR5ID\n" \
"mgRvEP/sPnvDPnRrtaUaQncyU37E2XLpiZAb2IxDBsUCSNtlGBCMwFd4PSMmsI1p\n" \
"3IdLyPFNd8wGggowSTet2yrOiOBr8tYdsPacW7iEJ6BzImwrlMj52vrKh5qBI7/i\n" \
"E9K55B2YcCU6lfj5AQIDAQABo1MwUTAdBgNVHQ4EFgQU2Ivc8jRwORUEhX2rtd7v\n" \
"NpN23o0wHwYDVR0jBBgwFoAU2Ivc8jRwORUEhX2rtd7vNpN23o0wDwYDVR0TAQH/\n" \
"BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAjNtw2bRTu2towN4HAztqt+qV7CSR\n" \
"WnLWjKa/sqvwkVfex4F83LNDl5Md7xZ2+EYwow/vvUxRmsjV9e6NC5RdP0PV4GKW\n" \
"khFELL0rTNoY6XZ4t/3u9V7w5/x509D7v7A4vOsdCM32gNtj44XdCJi3oddTiF4L\n" \
"yT3hafGwsMoDj8tzlI/xmv14xf7hF+v+gwTWXHBS3PPcEAX5+ATXAnnjSSBdqYGY\n" \
"uXIsUv2O80D/+cLnsP1shiXhWfrjwx5bUgUIn1SxfxOkM4FFNxN3w1+miPgDcOj+\n" \
"33mhVYbJwh/EIT105D4QuWOaCuC2+ktbAYFrcs9OF6Pp+lyIir/kZBgQ1Q==\n" \
"-----END CERTIFICATE-----\n"

// Certificate this device presents to the broker (mutual TLS); it is passed
// to setCertificate() in the sketch. Its subject appears to decode to
// OU=server, CN=192.168.1.10 — i.e. it looks like the broker's own server
// certificate reused on the client.
// NOTE(review): issue a dedicated client certificate per device instead, so a
// compromised device cannot impersonate the broker or another device.
#define SERVER_CERT \
"-----BEGIN CERTIFICATE-----\n" \
"MIIDBTCCAe0CFHjJN1GNHVnqXiMyngV3yvLg/70FMA0GCSqGSIb3DQEBCwUAMDsx\n" \
"CzAJBgNVBAYTAklOMQwwCgYDVQQKDANJT1QxDzANBgNVBAsMBmNsaWVudDENMAsG\n" \
"A1UEAwwEdGVzdDAeFw0yMzAzMjIxMzQ4MjlaFw0yNDAzMTYxMzQ4MjlaMEMxCzAJ\n" \
"BgNVBAYTAklOMQwwCgYDVQQKDANpb3QxDzANBgNVBAsMBnNlcnZlcjEVMBMGA1UE\n" \
"AwwMMTkyLjE2OC4xLjEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\n" \
"vsxvL0H8M9HjGplper2/oRtQQTFfBYLX3JfBrTJIXD6A5HFJ8bblvqP/qh/XB8ou\n" \
"YYqwDYlZCDp4Kw54vSHZ0EfExbNy/Jh0xmnOeqjX7bfKFTVEIZdQFF8n3F3oGSqX\n" \
"2q4n6T1HCxLtG8wYWnqXBmixW69xIQqGm+4CtnigWTckzr0/oSn6bAhLfzoorXNA\n" \
"0lFfenW5URdvFXBcjzPZiQY7AxIUI2/daW1ElGlWyeqU8eG3zeIEHjMbqJdCzniF\n" \
"UCfBuTfkSstqrUA/puqOSB/iRVAayrnAo04/p62NIzsrO5GfPwu0jZmSh7ogvUT9\n" \
"j0Bm0FmOK33V4QQXUepy4wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCGTOdcm1xF\n" \
"T6+i3rtrkC05jey8XoyZs8S5Q56D9X29jeQDVXLlHQ0O/0Q/xvwERxiBdI0EkoeL\n" \
"YnD/KoQ/TLgzXmiBgdFWvorM385XJXLG9xnflpkuWWgpnOCjsgrgzFhz3nEtdhEt\n" \
"fuCl87ySnuQSsQmelwcXbnt8zJkFJty2iV+C65MJoB3IwNJgpyLubg2L0/E+CkGF\n" \
"nxIPiAuYBMXTXHF19UDnEgCdyv70dSFKuN1650nY90EUyEImRfngTn6vRaGCMIrI\n" \
"uMAncVLF3yn1X1W0LsyUjFzKgwCk+IvtiCdGpZMWLP69pxYguBRjrbfHJZAniYhM\n" \
"tWoJlGjTlLvU\n" \
"-----END CERTIFICATE-----\n"

// Private key matching SERVER_CERT; passed to setPrivateKey() in the sketch.
// This is a secret: anyone holding it can present this identity to the broker.
// Because this key is printed in a public article it must be treated as
// compromised — generate your own, and never commit credentials.h.
#define SERVER_KEY \
"-----BEGIN RSA PRIVATE KEY-----\n" \
"MIIEpQIBAAKCAQEAvsxvL0H8M9HjGplper2/oRtQQTFfBYLX3JfBrTJIXD6A5HFJ\n" \
"8bblvqP/qh/XB8ouYYqwDYlZCDp4Kw54vSHZ0EfExbNy/Jh0xmnOeqjX7bfKFTVE\n" \
"IZdQFF8n3F3oGSqX2q4n6T1HCxLtG8wYWnqXBmixW69xIQqGm+4CtnigWTckzr0/\n" \
"oSn6bAhLfzoorXNA0lFfenW5URdvFXBcjzPZiQY7AxIUI2/daW1ElGlWyeqU8eG3\n" \
"zeIEHjMbqJdCzniFUCfBuTfkSstqrUA/puqOSB/iRVAayrnAo04/p62NIzsrO5Gf\n" \
"Pwu0jZmSh7ogvUT9j0Bm0FmOK33V4QQXUepy4wIDAQABAoIBAQC6N1bQvcsDXHcV\n" \
"r+Mlu2n7OGg0qJYAD/rUPnz1qBy9gvdTfkpYElTaor9VcCvzW123L5+yJnnxsPc1\n" \
"trMajJ5ETLd86S5x3+4g9IVka8QLLBScbFdpnX+30kNaLYDohwycjts/JeJfqYIn\n" \
"XiPqsrkRtT5cqLd2Mwq7xyl4o/SD/L39LkmvOZI9XixPIx6xxrJDPPW8gue3KZmH\n" \
"IYlEOrZAN8Du4eBL7gFaTn3uiaLGWH+Em3BhsjjoQUmabeU4g48rNJk1Qpr4w8Um\n" \
"wg9PY7nYDXHs8fwgUItyLhc0sGwPXUG8o91gdAYCT2BlZZynryMj7sNtn6ZqepTE\n" \
"89lf9V7ZAoGBAPttyWC0wJCeSte1YgHOBKEZK96NqJ51hAiE7soPA2g+/1EM9Ag/\n" \
"IBcMj0duzUlbyt32SUDZ/UjTzbQY5L5AF39aHGKznRB5XMzL3ykNjKjCsRApnk8Y\n" \
"Z/SZ+PsxSHDt3wdQnoF2dgJ+uDofX7h39f6OEgf0NXewri9RFTfNEOG9AoGBAMJE\n" \
"dYOoG3VXs8CB7+LgvUPl/dUxHDCR64E7pAz021TXS/H5uWZI7bePmue13NpI4JQt\n" \
"ofZSYbakWveR2DaGgeAj40pUm3JkbRWMJi2N99IUMLV7aQNpXNchyPoObKGsqN0/\n" \
"1A3ns32srIcp33zwAAXtp3ut1XllepOSuGFb2OEfAoGBAJtTdK/omnn9QFFIfdaN\n" \
"lrCLY12m9/+Eq9+zd+2eHsW8/W/t56hcjw+OM8m2et4R9h7vsst8oAvoxVC4fD/I\n" \
"SnvjiFu1iJeP0jO20xOCil4LgOVyQJmugzJKGNXd2VniqgDT3kgujbL25AsMLM9C\n" \
"VNdAn4UIaiuaG9GhbtE9P2ulAoGBAIrVSfZRCW6OwtNtCPbnDducXg8iDbdYUSoG\n" \
"aXMo+iZjxs6jXTAQJnLsmhPGEJOfSYAcLIdQ0KwqQSh0fkRZVC/O9fyFAqJ5yst/\n" \
"YTllIBpue3D3RVE+1y6X4n1yGYhhUDzuBKn7UHccFCB0eFddXWbfNLZawRkEwNj+\n" \
"He7WKOSZAoGAK8WeUTU4G+hCK0WH8p3/5Ly3md//16q4jwIi/jQJDlSzVEngERVe\n" \
"te+JLM+a5bj5AUMBhIpiN3HvTDJBI+wHqFpQhVJgTSnvxqVzGHV88syWftOZDO1I\n" \
"ujUkloyiTRuPMjbXlzXMf/e3PTJVL7sZcroYz+K0Hts0q2RT8Y3Hw1c=\n" \
"-----END RSA PRIVATE KEY-----\n"

Then include credentials.h from your main sketch (as shown at the top of the listing) and upload it. Never reuse the certificate and key printed above — a private key published in an article is compromised by definition — and issue each device its own client certificate rather than sharing one.

Once it is running you should see messages like the following arrive on your MQTT broker:

Wrapping Up

In summary, I’ve shown the basic concepts of a homemade IoT system, with the broker part and the controller part.



Rodolphe Beloncle

Experienced Front-End developement with a demonstrated history of working in the wine industry.Recently i discovered IOT programmation.And having fun with it!