DII
DevHeads IoT Integration Server9mo ago
d1sc0

Receiving "rc= -2" error with ESP32 MQTT TLS certificates

I'm trying to send encrypted messages using tls from esp32 to my localhost mqtt server ( using mosquitto ) .I'm getting an error rc= -2 when using certificates for encryption . Code was working fine without encryption . Please help .
14 Replies
d1sc0
d1sc09mo ago
c++
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

const char* ssid = "my ssid";
const char* password = "redacted";
const char* mqtt_server = "mylocalhost";

const char* rootca = \
  "-----BEGIN CERTIFICATE-----\n"
  "-----END CERTIFICATE-----\n";

unsigned long lastMsg = 0;
#define MSG_BUFFER_SIZE (50)
char msg[MSG_BUFFER_SIZE];
int countValue = 0;

WiFiClientSecure espClient;
PubSubClient client(espClient);

void setup_wifi() {
  delay(10);
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.mode(WIFI_STA);
  WiFi.begin(ssid, password);

  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
}

void reconnect() {
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    String clientId = "ESP32Client-";
    clientId += String(random(0xffff), HEX);

    if (client.connect(clientId.c_str())) {
      Serial.println("connected");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");
      delay(5000);
    }
  }
}

void setup() {
  Serial.begin(115200);
  setup_wifi();
  espClient.setCACert(rootca);
  client.setServer(mqtt_server, 8883);  
}

void loop() {
  if (!client.connected()) {
    reconnect();
  }
  client.loop();

  unsigned long now = millis();
  if (now - lastMsg > 5000) {
    lastMsg = now;
    ++countValue;
    snprintf(msg, MSG_BUFFER_SIZE, "Count: %d", countValue);
    Serial.print("Publish message: ");
    Serial.println(msg);  
    client.publish("myTopic", msg); 
  }
}
c++
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

const char* ssid = "my ssid";
const char* password = "redacted";
const char* mqtt_server = "mylocalhost";

const char* rootca = \
  "-----BEGIN CERTIFICATE-----\n"
  "-----END CERTIFICATE-----\n";

unsigned long lastMsg = 0;
#define MSG_BUFFER_SIZE (50)
char msg[MSG_BUFFER_SIZE];
int countValue = 0;

WiFiClientSecure espClient;
PubSubClient client(espClient);

void setup_wifi() {
  delay(10);
  Serial.println();
  Serial.print("Connecting to ");
  Serial.println(ssid);

  WiFi.mode(WIFI_STA);
  WiFi.begin(ssid, password);

  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print(".");
  }

  Serial.println("");
  Serial.println("WiFi connected");
  Serial.println("IP address: ");
  Serial.println(WiFi.localIP());
}

void reconnect() {
  while (!client.connected()) {
    Serial.print("Attempting MQTT connection...");
    String clientId = "ESP32Client-";
    clientId += String(random(0xffff), HEX);

    if (client.connect(clientId.c_str())) {
      Serial.println("connected");
    } else {
      Serial.print("failed, rc=");
      Serial.print(client.state());
      Serial.println(" try again in 5 seconds");
      delay(5000);
    }
  }
}

void setup() {
  Serial.begin(115200);
  setup_wifi();
  espClient.setCACert(rootca);
  client.setServer(mqtt_server, 8883);  
}

void loop() {
  if (!client.connected()) {
    reconnect();
  }
  client.loop();

  unsigned long now = millis();
  if (now - lastMsg > 5000) {
    lastMsg = now;
    ++countValue;
    snprintf(msg, MSG_BUFFER_SIZE, "Count: %d", countValue);
    Serial.print("Publish message: ");
    Serial.println(msg);  
    client.publish("myTopic", msg); 
  }
}
Ive configured my mosquitto config file also , adding the required listeners and path to certificates (generated the certificates using openssl)
techielew
techielew9mo ago
@Aditya thakekar and @LMtx may have some insight here
Aditya thakekar
Aditya thakekar9mo ago
Connection timeout? Share the print logs Rootca certificate issue seems like
d1sc0
d1sc09mo ago
serial monitor
No description
d1sc0
d1sc09mo ago
i generated certificates referring this
d1sc0
d1sc09mo ago
Aditya thakekar
Aditya thakekar9mo ago
You are doing https on mqtt Where is the pub sub network
d1sc0
d1sc09mo ago
I didnt quite get what you meant isnt this how we can publish? 
client.publish("myTopic", msg);
client.publish("myTopic", msg);
also i used wificlientsecure to use tls with mqtt , not https
Aditya thakekar
Aditya thakekar8mo ago
Check the backend first if you can Void setup() - steps check. setup_wifi(); client.setServer(mqtt_server, 1883); client.setCallback(callback); Check callback... Server ip address too
d1sc0
d1sc08mo ago
server is a broker service called mosquitto running on my localhost ... so its my localhost ipv4 address
Aditya thakekar
Aditya thakekar8mo ago
Mqqt backend Mosquito conf? Tcp is not configured properly Open the conf files and check Firewall is stopping
d1sc0
d1sc08mo ago
ive changed mosquitto.conf like this 
listener 8884
allow_anonymous true
max_connections -1
certfile C:\Users\91903\Desktop\encryption\ca-cert.pem
keyfile C:\Users\91903\Desktop\encryption\encryption2\ca-key.pem
listener 8884
allow_anonymous true
max_connections -1
certfile C:\Users\91903\Desktop\encryption\ca-cert.pem
keyfile C:\Users\91903\Desktop\encryption\encryption2\ca-key.pem
i tried websockeets on a different ports - 8091 and 888 
protocol websockets
protocol websockets
Aditya thakekar
Aditya thakekar8mo ago
Tcp connection for windows firewall
d1sc0
d1sc08mo ago
ive disabled all firewall , and added an inbound rule in windows defender firewall with advanced security to allow only specific remote ports and entered the ports i tried like 1883, 8883, 8884, 8091 etc (i tried using all these ports with/without encryption and with/without websockets)
Want results from more Discord servers?
Add your server