I’m developing a new product around an Espressif ESP32-C3 module, configured with ESP-AT firmware. The ESP-AT manual says that the command AT+MQTTUSERCFG=0,2,… configures a link using MQTT over TLS (no certificate verify). HiveMQ documentation says that using port 8883 sets TLS. Can I be sure that using both these does force all messages to be encrypted?
Hello @RouseA
I’m not deeply familiar with ESP-AT firmware, but it appears you’ll need to replace the Root CA certificate in the project to enable TLS communication with HiveMQ Cloud. You can download the Let’s Encrypt Root CA certificate for HiveMQ Cloud from this link: ISRG Root X1.
According to the AWS IoT documentation, you can proceed by:
- Opening your local ESP-AT project.
- Replacing the file at customized_partitions/raw_data/mqtt_ca/mqtt_ca.crt with isrgrootx1.pem.
Kind regards,
Diego from HiveMQ Team
The problem with that is that each interface module would have to be individually hard-programmed with the certificate. TLS is used for most website accesses and each device accessing it doesn’t need to be individually hard-programmed, so I’m sure there is a way to do it.
I’m not sure if the ESP-AT firmware project includes a built-in trust store. You might want to explore alternatives for embedding TLS certificates on devices to avoid manual configuration. Using the Let’s Encrypt certificate mentioned previously is a requirement for connecting to HiveMQ Cloud.
Kind regards,
Diego from HiveMQ Team