IDF version (run git describe --tags to find it):
// v4.0-dev-728-g826ff7186
Problem Description
The openssl command to get certificates from a server doesn't retrieve full certificate chain.
This then causes an ssl error when connecting through e.g. mqtts, https.
Expected Behavior
Command should retrieve full certificate chain.
Actual Behavior
Command only retrieves first certificate.
Steps to reproduce
HOST=letsencrypt.org
openssl s_client -showcerts -connect $HOST </dev/null 2>/dev/null|openssl x509 -outform PEM > cert.pem
-> only outputs first certificate
Unfortunately I can't find a one liner which gives the correct behaviour but the following command shows the full chain which can then be extracted and copied into a file:
openssl s_client -showcerts -connect $HOST -servername $HOST
This also fixes issue #2867 for servers using SNI.
github-actionsbot changed the title from "openssl command in examples doesn't output full certificate chain" to "openssl command in examples doesn't output full certificate chain (IDFGH-1300)" on Jun 6, 2019
Thanks for raising this issue. Indeed, there's a problem with some openssl commands in README.md for mqtt examples (the reason is that iot.eclipse.org updated their certificates), and documentation for examples has to be updated, too.
In general, I do not think there is a universal openssl one-liner to output the ROOT certificate. The example command you've provided, openssl s_client -showcerts -connect $HOST -servername $HOST, should work in most cases; however, there's no guarantee for the chain to contain the root certificate (in that case one needs to find it by other means, usually on the CA's webpage).
I will update the command in README files for the specific hosts used in examples.
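Added example (not from the issue or from ESP-IDF): `openssl x509` reads only the first PEM block on its input, which is why the original pipeline writes a single certificate. The sketch below filters the `-showcerts` transcript instead, so every certificate the server sends is kept. The function names, the default port 443 and the sample transcript (placeholder bodies, not real certificates) are assumptions made for illustration.

```shell
#!/bin/sh
# Read an s_client transcript on stdin and print only the PEM certificate blocks.
extract_pem_chain() {
    awk '/-----BEGIN CERTIFICATE-----/ {inside = 1}
         inside                        {print}
         /-----END CERTIFICATE-----/   {inside = 0}'
}

# Count the certificates in a PEM bundle read from stdin.
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----'
}

# Fetch the chain a server presents. Arguments: host, port (default 443),
# output file (default chain.pem). Returns non-zero if nothing was received.
# Usage (needs network access): fetch_chain letsencrypt.org 443 chain.pem
fetch_chain() {
    host=$1; port=${2:-443}; out=${3:-chain.pem}
    openssl s_client -showcerts -connect "$host:$port" -servername "$host" \
        </dev/null 2>/dev/null | extract_pem_chain > "$out"
    [ -s "$out" ] || { echo "no certificates received from $host:$port" >&2; return 1; }
    echo "$(count_certs < "$out") certificate(s) written to $out"
}

# Constructed sample: the shape of an `s_client -showcerts` transcript, with
# placeholder bodies instead of real certificates, to check the filter offline.
sample_transcript() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = leaf.example.test
   i:CN = Example Intermediate CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Intermediate CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItSU5URVJNRURJQVRF
-----END CERTIFICATE-----
---
Server certificate
subject=CN = leaf.example.test
EOF
}
```

The resulting file holds only what the server chose to send, so, as noted in the comment above, the root certificate may still be missing and has to be obtained from the CA.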