X509 fingerprint issue #1

@salvq

Hello, I have been reading a few of your examples of how to get connected to IOT HUB; you are doing a very good job for the community with regard to small IOT devices. Thanks for that...

Now back to my issue...

I am trying to set up sending data to IOT HUB using Arduino MKR 1400 GSM. I am able to connect to IOT HUB and publish data; however, 1-2 times per day my Arduino gets stuck and my watchdog has to reset it in order to start streaming again, which is not very good as I am losing the window for data capture. Therefore I was thinking of giving the HTTPS method a try instead of MQTT.

The only thing I do not understand is how to proceed with your sketch and a self-signed X509 cert (crypto chip ATECC608a, part of the Arduino board). I have the SHA1 thumbprint in the IOT HUB settings; this SHA1 thumbprint is not used anywhere in my sketch, it is somehow added / read from the crypto chip.

My question is, how do I use your script with my crypto thumbprint (SHA1) from the crypto chip rather than specifying it in the config?

Your Config.h

#define IOTHUB_CONNECTION_STRING "[Your Azure IoT Hub or Azure IoT Central Connection String]"

/* 
 http://hassansin.github.io/certificate-pinning-in-nodejs for information on generating fingerprint. From Ubuntu or Ubuntu subsystem on Windows 10
 
echo -n | openssl s_client -connect saas-iothub-8135cd3b-f33a-4002-a44a-7ca5961b00b6.azure-devices.net:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -noout -fingerprint
*/

#define IOTHUB_CERTIFICATE_FINGERPRINT "95:B4:61:DF:90:D9:D7:1D:15:22:D8:DB:2E:F1:7D:BC:F4:BB:41:D2"
// #define IOTHUB_CERTIFICATE_FINGERPRINT ""

#ifdef IOTHUB_CONNECTION_STRING

#include "IotHub.h"
IotHub hub(IOTHUB_CONNECTION_STRING, IOTHUB_CERTIFICATE_FINGERPRINT);

#endif

Part of my sketch

#include <MKRGSM.h> // GSM connectivity for the MKR GSM 1400, provides GSMClient
#include <ArduinoBearSSL.h> // Port of BearSSL to Arduino, BearSSL is an implementation of the SSL/TLS protocol (RFC 5246) written in C, https://github.com/arduino-libraries/ArduinoBearSSL
#include <ArduinoECCX08.h> // Arduino Library for the Atmel/Microchip ECC508 and ECC608 crypto chips, https://github.com/arduino-libraries/ArduinoECCX08
#include <utility/ECCX08SelfSignedCert.h> // Part of the ArduinoECCX08 library
#include <ArduinoMqttClient.h> // Allows you to send and receive MQTT messages using Arduino, https://github.com/arduino-libraries/ArduinoMqttClient

GSMClient     gsmClient;            // Used for the TCP socket connection
BearSSLClient sslClient(gsmClient); // Used for SSL/TLS connection, integrates with ECC508
MqttClient    mqttClient(sslClient);

void setup()
{
  if (!ECCX08.begin()) {
    Serial.println("No ECCX08 present!");
  }
  // reconstruct the self signed cert
  ECCX08SelfSignedCert.beginReconstruction(0, 8);
  ECCX08SelfSignedCert.setCommonName(ECCX08.serialNumber());
  ECCX08SelfSignedCert.endReconstruction();

  // Set a callback to get the current time
  // used to validate the servers certificate
  ArduinoBearSSL.onGetTime(getTime);

  // Set the ECCX08 slot to use for the private key
  // and the accompanying public certificate for it
  sslClient.setEccSlot(0, ECCX08SelfSignedCert.bytes(), ECCX08SelfSignedCert.length());
}
