Receiving "rc= -2" error with ESP32 MQTT TLS certificates

I'm trying to send encrypted messages over TLS from an ESP32 to an MQTT server (Mosquitto) on my localhost. I'm getting the error rc= -2 when using certificates for encryption. The code was working fine without encryption. Please help.
14 Replies
d1sc0
d1sc04mo ago
c++
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

// Wi-Fi credentials. They are compiled into the firmware image, so anyone who
// can read the flash contents can recover the passphrase.
const char* ssid = "my ssid";
const char* password = "redacted";

// Broker host passed to PubSubClient::setServer().
// NOTE(review): with setCACert() in use the TLS layer is expected to check this
// name against the CN/SAN of the broker's certificate - confirm they match.
const char* mqtt_server = "mylocalhost";

// CA certificate (PEM) used to verify the broker during the TLS handshake.
// The PEM body is empty as posted (presumably trimmed for the forum); it has to
// be the certificate of the CA that signed the broker's server certificate.
const char* rootca =
    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n";

// Publish bookkeeping: time of the last publish, payload buffer, and counter.
unsigned long lastMsg = 0;
#define MSG_BUFFER_SIZE (50)
char msg[MSG_BUFFER_SIZE];
int countValue = 0;

// TLS socket and the MQTT client layered on top of it.
WiFiClientSecure espClient;
PubSubClient client(espClient);

// Joins the configured Wi-Fi network in station mode and blocks until the
// station is associated, reporting progress on the serial console.
void setup_wifi() {
  delay(10);
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.mode(WIFI_STA);
  WiFi.begin(ssid, password);

  // Poll every 500 ms; there is no timeout, so this waits for as long as the
  // access point stays unreachable.
  for (;;) {
    if (WiFi.status() == WL_CONNECTED) {
      break;
    }
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
}

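// Blocks until the MQTT session is established, retrying every 5 seconds.
//
// On failure it prints PubSubClient's state code and, in addition, the last
// error recorded by the TLS socket. In PubSubClient a state of -2 is
// MQTT_CONNECT_FAILED: the underlying network (here TLS) connection could not
// be opened, so no MQTT CONNECT packet was exchanged. The TLS error text is
// what separates a certificate verification failure from a plain TCP failure
// (wrong port, unreachable host).
void reconnect() {
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    String clientId = "ESP32Client-";
    clientId += String(random(0xffff), HEX);

    if (client.connect(clientId.c_str())) {
      Serial.println("connected");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");

      // Surface the TLS-level cause; rc alone does not say why the socket
      // could not be opened.
      char tlsError[100];
      const int tlsCode = espClient.lastError(tlsError, sizeof(tlsError));
      if (tlsCode != 0) {
        Serial.print("TLS error ");
        Serial.print(tlsCode);
        Serial.print(": ");
        Serial.println(tlsError);
      }

      delay(5000);
    }
  }
}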

// One-time initialisation: serial console, Wi-Fi, then the TLS trust anchor
// and the broker endpoint. No connection is opened here; that happens in
// reconnect().
void setup() {
  Serial.begin(115200);
  setup_wifi();

  // Trust anchor for verifying the broker's certificate.
  espClient.setCACert(rootca);

  // Must be the port of the broker's TLS listener. The mosquitto.conf quoted
  // later in this thread declares "listener 8884", which does not match.
  const uint16_t tlsPort = 8883;
  client.setServer(mqtt_server, tlsPort);
}

// Main loop: keeps the MQTT session alive and publishes an incrementing
// counter to "myTopic" roughly every 5 seconds.
void loop() {
  if (!client.connected()) {
    reconnect();
  }
  client.loop();

  // Unsigned subtraction keeps the interval check correct across millis()
  // wrap-around.
  const unsigned long now = millis();
  if (now - lastMsg <= 5000) {
    return;
  }

  lastMsg = now;
  ++countValue;
  snprintf(msg, MSG_BUFFER_SIZE, "Count: %d", countValue);
  Serial.print("Publish message: ");
  Serial.println(msg);
  client.publish("myTopic", msg);
}
c++
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

// Wi-Fi credentials. They are compiled into the firmware image, so anyone who
// can read the flash contents can recover the passphrase.
const char* ssid = "my ssid";
const char* password = "redacted";

// Broker host passed to PubSubClient::setServer().
// NOTE(review): with setCACert() in use the TLS layer is expected to check this
// name against the CN/SAN of the broker's certificate - confirm they match.
const char* mqtt_server = "mylocalhost";

// CA certificate (PEM) used to verify the broker during the TLS handshake.
// The PEM body is empty as posted (presumably trimmed for the forum); it has to
// be the certificate of the CA that signed the broker's server certificate.
const char* rootca =
    "-----BEGIN CERTIFICATE-----\n"
    "-----END CERTIFICATE-----\n";

// Publish bookkeeping: time of the last publish, payload buffer, and counter.
unsigned long lastMsg = 0;
#define MSG_BUFFER_SIZE (50)
char msg[MSG_BUFFER_SIZE];
int countValue = 0;

// TLS socket and the MQTT client layered on top of it.
WiFiClientSecure espClient;
PubSubClient client(espClient);

// Joins the configured Wi-Fi network in station mode and blocks until the
// station is associated, reporting progress on the serial console.
void setup_wifi() {
  delay(10);
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.mode(WIFI_STA);
  WiFi.begin(ssid, password);

  // Poll every 500 ms; there is no timeout, so this waits for as long as the
  // access point stays unreachable.
  for (;;) {
    if (WiFi.status() == WL_CONNECTED) {
      break;
    }
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
}

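// Blocks until the MQTT session is established, retrying every 5 seconds.
//
// On failure it prints PubSubClient's state code and, in addition, the last
// error recorded by the TLS socket. In PubSubClient a state of -2 is
// MQTT_CONNECT_FAILED: the underlying network (here TLS) connection could not
// be opened, so no MQTT CONNECT packet was exchanged. The TLS error text is
// what separates a certificate verification failure from a plain TCP failure
// (wrong port, unreachable host).
void reconnect() {
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    String clientId = "ESP32Client-";
    clientId += String(random(0xffff), HEX);

    if (client.connect(clientId.c_str())) {
      Serial.println("connected");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");

      // Surface the TLS-level cause; rc alone does not say why the socket
      // could not be opened.
      char tlsError[100];
      const int tlsCode = espClient.lastError(tlsError, sizeof(tlsError));
      if (tlsCode != 0) {
        Serial.print("TLS error ");
        Serial.print(tlsCode);
        Serial.print(": ");
        Serial.println(tlsError);
      }

      delay(5000);
    }
  }
}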

// One-time initialisation: serial console, Wi-Fi, then the TLS trust anchor
// and the broker endpoint. No connection is opened here; that happens in
// reconnect().
void setup() {
  Serial.begin(115200);
  setup_wifi();

  // Trust anchor for verifying the broker's certificate.
  espClient.setCACert(rootca);

  // Must be the port of the broker's TLS listener. The mosquitto.conf quoted
  // later in this thread declares "listener 8884", which does not match.
  const uint16_t tlsPort = 8883;
  client.setServer(mqtt_server, tlsPort);
}

// Main loop: keeps the MQTT session alive and publishes an incrementing
// counter to "myTopic" roughly every 5 seconds.
void loop() {
  if (!client.connected()) {
    reconnect();
  }
  client.loop();

  // Unsigned subtraction keeps the interval check correct across millis()
  // wrap-around.
  const unsigned long now = millis();
  if (now - lastMsg <= 5000) {
    return;
  }

  lastMsg = now;
  ++countValue;
  snprintf(msg, MSG_BUFFER_SIZE, "Count: %d", countValue);
  Serial.print("Publish message: ");
  Serial.println(msg);
  client.publish("myTopic", msg);
}
I've also configured my mosquitto config file, adding the required listeners and the paths to the certificates (I generated the certificates using openssl).
techielew
techielew4mo ago
@Aditya thakekar and @LMtx may have some insight here
Aditya thakekar
Aditya thakekar4mo ago
Connection timeout? Share the print logs. It seems like a root CA certificate issue.
d1sc0
d1sc04mo ago
serial monitor
No description
d1sc0
d1sc04mo ago
i generated certificates referring this
Aditya thakekar
Aditya thakekar4mo ago
You are doing https on mqtt Where is the pub sub network
d1sc0
d1sc04mo ago
I didnt quite get what you meant isnt this how we can publish?
client.publish("myTopic", msg);
client.publish("myTopic", msg);
also i used wificlientsecure to use tls with mqtt , not https
Aditya thakekar
Aditya thakekar4mo ago
Check the backend first if you can Void setup() - steps check. setup_wifi(); client.setServer(mqtt_server, 1883); client.setCallback(callback); Check callback... Server ip address too
d1sc0
d1sc04mo ago
server is a broker service called mosquitto running on my localhost ... so its my localhost ipv4 address
Aditya thakekar
Aditya thakekar4mo ago
MQTT backend, Mosquitto conf? TCP is not configured properly. Open the conf files and check. The firewall is blocking it.
d1sc0
d1sc04mo ago
ive changed mosquitto.conf like this
# TLS listener port. The sketch posted earlier in this thread connects to 8883,
# so as posted the client and this listener do not line up.
listener 8884
# Clients may connect without a username/password.
allow_anonymous true
max_connections -1
# certfile/keyfile are the broker's own server certificate and private key.
# NOTE(review): the file names suggest the CA certificate and CA key are used
# here. The client verifies a server certificate signed by the CA (with the
# broker's host name in CN/SAN), and the CA private key does not need to be on
# the broker at all - confirm what these two files actually contain.
certfile C:\Users\91903\Desktop\encryption\ca-cert.pem
keyfile C:\Users\91903\Desktop\encryption\encryption2\ca-key.pem
# TLS listener port. The sketch posted earlier in this thread connects to 8883,
# so as posted the client and this listener do not line up.
listener 8884
# Clients may connect without a username/password.
allow_anonymous true
max_connections -1
# certfile/keyfile are the broker's own server certificate and private key.
# NOTE(review): the file names suggest the CA certificate and CA key are used
# here. The client verifies a server certificate signed by the CA (with the
# broker's host name in CN/SAN), and the CA private key does not need to be on
# the broker at all - confirm what these two files actually contain.
certfile C:\Users\91903\Desktop\encryption\ca-cert.pem
keyfile C:\Users\91903\Desktop\encryption\encryption2\ca-key.pem
I tried websockets on different ports - 8091 and 888
protocol websockets
protocol websockets
Aditya thakekar
Aditya thakekar4mo ago
Tcp connection for windows firewall
d1sc0
d1sc04mo ago
I've disabled all firewalls, and added an inbound rule in Windows Defender Firewall with Advanced Security to allow only specific remote ports, entering the ports I tried, like 1883, 8883, 8884, 8091 etc. (I tried all these ports with/without encryption and with/without websockets.)