WiFi setCARoot certificate

Hi,

i am trying to get example TLS client to work on my Arduino UNO R4 WiFi. I've exported crt certificate from my browser, but function setCARoot() function fails. Did enyone encounter this issue?

Thanks

Hi,

I am trying to run Arduino UNO R4 Wifi SSL Client example. When diving into code, I've discovered, that before connecting setCARoot() function is called with empty parameters. -> not working
So, I've exported CA certificate from my PC, added it into my code and I call setCARoot() before connecting -> still not working.

Does anyone encounter the same issue?

Thanks

Are you getting any error messages?

I have merged your topics due to them having too much overlap on the same subject matter @lukyn_arduino_lover.

In the future, please only create one topic for each distinct subject matter and be careful not to cause them to converge into parallel discussions.

The reason is that generating multiple threads on the same subject matter can waste the time of the people trying to help. Someone might spend a lot of time investigating and writing a detailed answer on one topic, without knowing that someone else already did the same in the other topic.

Thanks in advance for your cooperation.

This is what is written into debug output:

REQUEST: AT+SSLBEGINCLIENT

ANSWER: 2000
Result: OK

REQUEST: AT+SETCAROOT=2000

ANSWER:
Result: FAILED

REQUEST: AT+SETCAROOT=2000

ANSWER:
Result: FAILED

REQUEST: AT+SSLCLIENTCONNECTNAME=2000,www.drivingschool.nannuck.cz,443

ANSWER: ERROR
Result: FAILED
Connection failed...probably

REQUEST: AT+SSLAVAILABLE=2000

ANSWER: 0
Result: OK

REQUEST: AT+SSLCLIENTCONNECTED=2000

ANSWER: 0
Result: OK

So, if you have similar issue: do formware update of your board. You'll have to download a zip file, decompress it and run .bat file, I think it works in version 0.2.1 and it was not working in version 0.1.0 (i believe it is the default version, if you buy UNO R4 board). Afer update, example with accessing google works.
Next step: get it work to acces my website using TLS

I've update the ESP32 to the latest firmware, still having the issue. Cannot connect to my SSL server. How do you provide the CA certificate? The Certificate Tool isn't working for the R4 Wifi, seems not to be supported by the IDE.

Hi, this is the code I'm using:

#define SECRET_SSID "MY_SSID"
#define SECRET_PASS "secret_password"

#define CA_CERT "-----BEGIN CERTIFICATE-----\n"  \
"MIIFVzCCAz+gAwIBAgINAgPlk28xsBNJiGuiFzANBgkqhkiG9w0BAQwFADBHMQsw\n"  \
"CQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\n"  \
"MBIGA1UEAxMLR1RTIFJvb3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\n"  \
"MDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\n"  \
"Y2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUA\n"  \
"A4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx9vaMf/vo\n"  \
"27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7w\n"  \
"Cl7raKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjw\n"  \
"TcLCeoiKu7rPWRnWr4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0Pfybl\n"  \
"qAj+lug8aJRT7oM6iCsVlgmy4HqMLnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaH\n"  \
"szVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly4cpk9+aCEI3oncKKiPo4Zor8\n"  \
"Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr06zqkUspzBmk\n"  \
"MiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92\n"  \
"wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70p\n"  \
"aDPvOmbsB4om3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrN\n"  \
"VjzRlwW5y0vtOUucxD/SVRNuJLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQID\n"  \
"AQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\n"  \
"FgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEMBQADggIBAJ+qQibb\n"  \
"C5u+/x6Wki4+omVKapi6Ist9wTrYggoGxval3sBOh2Z5ofmmWJyq+bXmYOfg6LEe\n"  \
"QkEzCzc9zolwFcq1JKjPa7XSQCGYzyI0zzvFIoTgxQ6KfF2I5DUkzps+GlQebtuy\n"  \
"h6f88/qBVRRiClmpIgUxPoLW7ttXNLwzldMXG+gnoot7TiYaelpkttGsN/H9oPM4\n"  \
"7HLwEXWdyzRSjeZ2axfG34arJ45JK3VmgRAhpuo+9K4l/3wV3s6MJT/KYnAK9y8J\n"  \
"ZgfIPxz88NtFMN9iiMG1D53Dn0reWVlHxYciNuaCp+0KueIHoI17eko8cdLiA6Ef\n"  \
"MgfdG+RCzgwARWGAtQsgWSl4vflVy2PFPEz0tv/bal8xa5meLMFrUKTX5hgUvYU/\n"  \
"Z6tGn6D/Qqc6f1zLXbBwHSs09dR2CQzreExZBfMzQsNhFRAbd03OIozUhfJFfbdT\n"  \
"6u9AWpQKXCBfTkBdYiJ23//OYb2MI3jSNwLgjt7RETeJ9r/tSQdirpLsQBqvFAnZ\n"  \
"0E6yove+7u7Y/9waLd64NnHi/Hm3lCXRSHNboTXns5lndcEZOitHTtNCjv0xyBZm\n"  \
"2tIMPNuzjsmhDYAPexZ3FL//2wmUspO8IFgV6dtxQ/PeEMMA3KgqlbbC1j+Qa3bb\n"  \
"bP6MvPJwNQzcmRk13NfIRmPVNnGuV/u3gm3c\n"\
"-----END CERTIFICATE-----\n"

#include "WiFiS3.h"
#include "WiFiSSLClient.h"
#include "IPAddress.h"

char ssid[] = SECRET_SSID;        // your network SSID (name)
char pass[] = SECRET_PASS;        // your network password (use for WPA, or use as key for WEP)

int status = WL_IDLE_STATUS;

char server[] = "www.google.com"; //IPAddress server(74,125,232,128);

WiFiSSLClient client;

void setup() {
  Serial.begin(115200);
  while (!Serial);
  
  if (WiFi.status() == WL_NO_MODULE) {
    Serial.println("Communication with WiFi module failed!");
    while (true);
  }
  
  String fv = WiFi.firmwareVersion();
  if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
    Serial.println("Please upgrade the firmware");
  }
  Serial.print("Firmware version:");
  Serial.println(fv);
  
  while (status != WL_CONNECTED) {
    Serial.print("Attempting to connect to SSID: ");
    Serial.println(ssid);

    status = WiFi.begin(ssid, pass);     
    Serial.print("Status == ");
    Serial.println(status);

    delay(10000);
  }
  
  Serial.println("\nStarting connection to server...");
  
  Serial.println("CA_CERT: ");
  client.setCACert(CA_CERT, strlen(CA_CERT)); //set CA cert
  Serial.println("===============================");
  Serial.println(CA_CERT);
  Serial.println("===============================");

  if (client.connect(server, 443)) {
    Serial.println("connected to server");
    client.println("GET https:// HTTP/1.1");
    client.print("Host: ");
    client.println(server);
    client.println("Connection: close");
    client.println();
  }
  else {
    Serial.print("Is connected? ");
    Serial.println(client.connected());
    delay(100);
    Serial.println("Connection failed...probably");
  }
}

void read_response() {
  uint32_t received_data_num = 0;
  while (client.available()) {
    char c = client.read();
    Serial.print(c);
    received_data_num++;
    if(received_data_num % 80 == 0) { 
      Serial.println();
    }
  }  
}

void loop() {
  read_response();

  // if the server's disconnected, stop the client:
  if (!client.connected()) {
    Serial.println();
    Serial.println("disconnecting from server.");
    client.stop();

    // do nothing forevermore:
    while (true);
  }
}

Did you ever get the R4 WiFi board working with TLS? I'm trying to find the sketch combination that allows it to work with AWS IoT Core. Older boards seem to use WiFiClientSecure for handling the other certs but this doesn't seem to work with WiFiS3. Curious if you found any nuggets that might help. Thx!

I don't know if that helps ... take a look at the UNO R4 WiFi networking examples. Take a look at the penultimate example and read the comment at the beginning of the code about installing certificates.

Guglielmo

Hi,

there was an issue with firmware on Arduino UNO R4 WiFi board. If you try to google-it, you should find correct example
After upgrading it was wroking ok

Hope, this helps

Hi,
It is mandatory to update the firmware in Uno R4 to get SSL connection?
Thanks

Following the git blame for WIFI_FIRMWARE_LATEST_VERSION

• 2023-05-09: 1.5.0 WiFiS3 Library Initial Release
• 2023-05-09: 1.0.0 clean, fix and first working API
• 2023-05-17: 1.0.0 bug fixing
• 2023-05-30: 0.1.0 implemented Fw version from esp
• 2023-08-21: 0.2.1 WiFi firmware 0.2.1
• 2023-08-22: 0.3.0 Update WiFi firmware latest version 0.3.0
• 2024-02-16: 0.4.1 Update WIFI_FIRMWARE_LATEST_VERSION to 0.4.1
• 2025-02-24: 0.5.2 WIFI_FIRMWARE_LATEST_VERSION: 0.5.2

A quick search says that R4 was released at the end of May 2023, so the fact that the version numbers go down initially is not necessarily a problem. Were any early units released with version "1.0"? As it is, the version-check in all the examples, doing a plain text comparison

  String fv = WiFi.firmwareVersion();
  if (fv < WIFI_FIRMWARE_LATEST_VERSION) {
    Serial.println("Please upgrade the firmware");
  }

is not good. But comparing 1.x to 0.x would fail even when done correctly.

The first thing to check is the board's installed version, by adding

  Serial.print("Firmware version: ");
  Serial.println(fv);

to the above. If it's 0.1.0 (or somehow 1.0.0 or 1.5.0) definitely upgrade.

The IDE has Firmware Updater under the Tools menu. It lists a version 0.6.0 available for R4, the existence of which has not been merged into the main branch of the board platform yet. As a general rule, better to skip versions ending with .0 so that any minor kinks can be ironed out.

You'll also want to keep the board platform version up-to-date

• Board 1.4.1 with firmware 0.5.2
• Otherwise at least board 1.1.0 with firmware 0.4.1
• You'd need to have a very specific reason to run anything earlier

At the very top of the R4 Examples > WiFiS3 > WiFiWebClientSSL, it says

  Board CA Root certificate bundle is embedded inside WiFi firmware:
  https://github.com/arduino/uno-r4-wifi-usb-bridge/blob/main/certificates/cacrt_all.pem

Following that link, you'll see over 140 root certs. The file history shows some minor changes and updates that correspond with the firmware version updates.

If you're having trouble making a connection, which site is it?