ESP8266 connect wifi using certificate fail

To connect an ESP8266 to a Ziggo hotspot, I need to use a certificate.

I can not get it working so far. No idea why it is not connecting.

Here's the code I made (I changed the user/password, of course):

/**************************************************************************************
* ESP8266 verbinden met Ziggo hotspot
***************************************************************************************/
#include <ESP8266WiFi.h>
#include <WiFiClient.h>
#include <wpa2_enterprise.h>
#include "mytime.h"

// Debug logging helper: when the build defines DEBUG_ESP_PORT, DEBUG_MSG forwards
// its printf-style arguments to that port; otherwise it expands to nothing, so the
// calls (and whatever they would print) vanish from builds without a debug port.
#ifdef DEBUG_ESP_PORT
#define DEBUG_MSG(...) DEBUG_ESP_PORT.printf( __VA_ARGS__ )
#else
#define DEBUG_MSG(...)
#endif

// Network name and WPA2-Enterprise credentials. The values shown are placeholders
// (the post states the real user/password were changed before publishing).
// Constants compiled into a sketch can be read by anyone who obtains the firmware
// image or the flash contents, so treat real values here as exposed.
const char ssid[]    = "Ziggo";
// Enterprise identity; only referenced from a commented-out call in wifi_connect().
const char ssident[] = "12345678";
const char ssuser[]  = "12345678";
const char sspass[]  = "abcdefghijklmno";

// SDK station configuration, zeroed and filled in by wifi_connect().
struct station_config wifi_config;
// Set by loop() once the connection details have been printed.
bool wifiOk = false;

// CA certificate in PEM form, handed to wifi_station_set_enterprise_ca_cert()
// in wifi_connect() together with sizeof(ziggo_cert).
// The raw string literal opens with a line break, so the first byte of the array
// is a newline rather than the '-' of the BEGIN marker; sizeof() counts that byte,
// the trailing line break and the terminating NUL.
// NOTE(review): PROGMEM asks the ESP8266 Arduino core to keep this array in flash;
// confirm the SDK call can read it through a plain u8 pointer.
const char ziggo_cert[] PROGMEM = R"EOF(
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
)EOF";

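/**
 * Configure the station for WPA2-Enterprise and start connecting.
 *
 * Switches to station mode, writes the SSID and password into the global
 * wifi_config, enables WPA2-Enterprise authentication, clears previously stored
 * enterprise material, installs username, password and CA certificate, and then
 * calls wifi_station_connect(). The function does not wait for the association
 * and returns nothing; loop() polls WiFi.status() for the outcome.
 *
 * NOTE(review): whatever status the SDK setters return is discarded here, so a
 * rejected certificate or credential is not visible from this function.
 */
void wifi_connect()
{
  WiFi.mode(WIFI_STA);
  wifi_set_opmode(STATION_MODE);

  memset(&wifi_config, 0, sizeof(wifi_config));
  // Bounded copies: ssid and password are fixed-size arrays inside station_config.
  // A value longer than the field is truncated instead of overwriting the members
  // that follow it; a value that fills the field exactly is stored without a
  // terminator, and shorter values stay NUL-terminated because of the memset above.
  strncpy((char*)wifi_config.ssid, ssid, sizeof(wifi_config.ssid));
  strncpy((char*)wifi_config.password, sspass, sizeof(wifi_config.password));
  // NOTE(review): this also places the enterprise password in the station's
  // pre-shared-key field, and wifi_station_set_config() stores the configuration
  // persistently in the NONOS SDK. Confirm this copy is needed for enterprise auth.
  wifi_station_set_config(&wifi_config);

  wifi_station_set_wpa2_enterprise_auth(1);

  // Clean up to be sure no old data is still inside
  wifi_station_clear_cert_key();
  wifi_station_clear_enterprise_ca_cert();
  wifi_station_clear_enterprise_identity();
  wifi_station_clear_enterprise_username();
  wifi_station_clear_enterprise_password();
  wifi_station_clear_enterprise_new_password();

  // SECURITY: with the time check disabled, the certificate validity period is not
  // enforced, so an expired certificate is not rejected on that ground. Re-enable
  // the check once the device has a trustworthy clock.
  wifi_station_set_enterprise_disable_time_check(true); // no time check
  // wifi_station_set_enterprise_identity((u8*)ssident, strlen(ssident));
  wifi_station_set_enterprise_username((u8*)ssuser, strlen(ssuser));
  wifi_station_set_enterprise_password((u8*)sspass, strlen(sspass));
  // The CA certificate is what lets the station validate the authentication server
  // before the credentials above are used.
  // NOTE(review): ziggo_cert is declared PROGMEM, its raw string literal begins with
  // a newline, and sizeof() includes the terminating NUL. Confirm the SDK accepts a
  // flash-resident buffer with this exact byte layout and length.
  wifi_station_set_enterprise_ca_cert((u8*)ziggo_cert, sizeof(ziggo_cert));

  wifi_station_connect();
}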

/**
 * One-time start-up: seed the clock, open the serial console, print a boot
 * banner with the current date/time, then begin the WiFi connection attempt.
 */
void setup()
{
  // Fixed timestamp compiled into the sketch.
  // NOTE(review): argument order is presumably hour, minute, second, day, month,
  // year; confirm against mytime.h.
  setTime(20, 45, 0, 28, 8, 2021);

  const unsigned long serialBaud = 115200;
  const unsigned long startupDelayMs = 2000;
  Serial.begin(serialBaud);
  delay(startupDelayMs);

  // Only emitted when the build defines DEBUG_ESP_PORT.
  DEBUG_MSG("bootup...\n");
  Serial.println(euroDateTime(true));

  wifi_connect();
}

/**
 * Poll the WiFi state once per second. The first time the station reports
 * WL_CONNECTED, print the connection details to the serial console and set
 * wifiOk so they are not printed again.
 */
void loop()
{
  const unsigned long pollIntervalMs = 1000;

  // wifiOk is tested first, so WiFi.status() is no longer queried after the
  // details have been reported once.
  if (wifiOk || WiFi.status() != WL_CONNECTED)
  {
    delay(pollIntervalMs);
    return;
  }

  Serial.println("WiFi verbonden"); // Dutch: "WiFi connected"

  Serial.print("IP: ");
  Serial.println(WiFi.localIP().toString());

  Serial.print("MAC: ");
  Serial.println(WiFi.macAddress());

  Serial.print("Router: ");
  Serial.println(WiFi.BSSIDstr());

  wifiOk = true;
  delay(pollIntervalMs);
}

Here is how I type a cert

// PEM certificate written as an ordinary (non-raw) string literal. Each source
// line ends with an explicit newline escape followed by a backslash line
// continuation, so the text starts directly at the BEGIN marker with no leading
// line break, and every PEM line, including the END marker, ends in a newline.
// No PROGMEM qualifier is used on this array.
const char AWS_PUBLIC_CERT[] = ("-----BEGIN CERTIFICATE-----\n\
MIIDWjCCAkKgAwIBAgIVAPTQPproTtQouWYi7ct1lYtzrvXDMA0GCSqGSIb3DQEB\n\
CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t\n\
IEluYy4gTD1TZWF0dGxlIFNUPVdhc2hpbmd0b24gQz1VUzAeFw0yMDA1MDYyMDMz\n\
MzZaFw00OTEyMzEyMzU5NTlaMB4xHDAaBgNVBAMME0FXUyBJb1QgQ2VydGlmaWNh\n\
dGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRi+OiTJqfoRrRnxu1\n\
Wkg7lDElRZxFe4d8TxcTHYwua1Dm0COkXo5FxqXiMps2xYZ8i8R7Hr+fsyaANpBU\n\
LogYTuneDyFWlvXMreN6t+R8hQHAT9Lj7yg1c6jdXYxArfIocwpVOnE4LPnVdcuw\n\
kS8XIt4xn4VzwzjgAwRq2VIsex3E65QALURxiMB69hOluE+zUU7HWa1xfGxlQir7\n\
7sEchZusU7byc9zzF163dgN3FtP/lQz3v6nEeSAWxMTRQKSerK3huaq1Y6nDqrRf\n\
FiiHB1IbtMKOI4EtYF355lrSvholVnIrR4/SoLILP/iyBEXT9oaEy5AH1+JO4VQt\n\
2aQ3AgMBAAGjYDBeMB8GA1UdIwQYMBaAFOiwyMjBte3X9plChr+7dOL5UnskMB0G\n\
A1UdDgQWBBQKIqet6Ijg7v5gqDDSrnbMNvbWxTAMBgNVHRMBAf8EAjAAMA4GA1Ud\n\
DwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAQEAi85RDng3sZDoYXM2rhonVn9Z\n\
gvbpSxhr+ot1bNmqd1vsuwQl9vVOX6bghJZk1ISgPk54KRQCYkEWNmd2JFa9tTXr\n\
K51eVBi/Q+qfzaNZAQUEw+KetIK9vHrSoM9IjJETN8y4HzZntFqvB31rqZSR7+ZV\n\
5HM6/Qts6ITLb/VxSc8p/uthBhRINZsayiBnv6y2xYUaqYTfCjvVXZu2tGHaIUWe\n\
P6Jo/uJ40nu8PzR4PQGHuVPBKYPMtpH46jtyZ3hKlQhkoWPNTxcutmPMz0hypTJN\n\
ovS0z2uG38JuXUw99d/Mcv4QkzZVY/IzGlEzLqw+8d0qv6ue/CyEdrwqvMIRCQ==\n\
-----END CERTIFICATE-----\n");

Notice there are a few differences between the way your cert is typed and the way mine is.

No need to type the cert like that. Mine gives the same result but is easier to code. I use that for HTML pages too.

I tested the WPA2 Enterprise WiFi connection on an ESP32 with more or less the same code, and that's working!

Maybe the framework for the ESP8266 is not complete enough to get this working.

This is the problem:
The ESP8266 package within the Arduino environment (and also PlatformIO) is using SDK version 2.2.1
The WPA2 enterprise problems are fixed in SDK versions above 3.0.x, but this is not used for some reason.

Here's a link to the SDK releases:
https://github.com/espressif/ESP8266_NONOS_SDK/releases

You can change the current SDK version from 2.2.1 to 3.0 by editing platform.txt
#default SDK for all boards
#(generic board overrides this variable)
build.sdk=NONOSDK3V0
#build.sdk=NONOSDK22x_190703
#build.sdk=NONOSDK22x_191024
#build.sdk=NONOSDK22x_191105

But 3.0 is also not high enough, and changing it this way is not advised.

Maybe the latest SDK will be used in the future, I don't know.
