Ian, you are now officially my hero of the month!!!
Indeed success now! For others arriving here: as mentioned above you need to get the certificate with openssl from the server, and when I did this, I had a file hivemq-com-chain.pem with three certificates inside it. Only the second one is the one you need for the conversation to hivemq-com-chain.der.
This is my full code that I just ran on my Pico W and validated that the message has arrived via the websocket client of HiveMQ! I will describe this further in a blog post and when ready add a link in this forum as a reference.
import time
import secrets
import network
from machine import Pin
from umqtt.simple import MQTTClient
import ussl
import ntptime
# Blink the onboard LED to show startup
led = Pin("LED", Pin.OUT)
led.off()
time.sleep_ms(50)
led.on()
time.sleep_ms(50)
led.off()
time.sleep_ms(50)
led.on()
time.sleep_ms(50)
led.off()
# Load the WiFi and HiveMQ Cloud credentials from secrets.py
try:
from secrets import secrets
except ImportError:
print("Error, secrets could not be read")
raise
# Connect to WiFi
# Based on https://datasheets.raspberrypi.com/picow/connecting-to-the-internet-with-pico-w.pdf
print('----------------------------------------------------------------------------------------------')
print('Connecting to AP: ' + secrets["ssid"])
wlan = network.WLAN(network.STA_IF)
wlan.active(True)
wlan.connect(secrets["ssid"], secrets["password"])
# Wait for connect or fail
connected = False
attempt = 0
while not connected and attempt < 10:
attempt += 1
if wlan.status() < 0 or wlan.status() >= 3:
connected = True
if not connected:
print("Connection attempt failed: " + str(attempt))
time.sleep(1)
else:
print("Connected on attempt: " + str(attempt))
if not connected or wlan.ifconfig()[0] == "0.0.0.0":
# Blink LED to show there is a WiFi problem
print("Bad WiFi connection: " + wlan.ifconfig()[0])
while True:
led.off()
time.sleep_ms(150)
led.on()
time.sleep_ms(150)
print("WiFi status: " + str(wlan.ifconfig()))
led.on()
# To validate certificates, a valid time is required
print('----------------------------------------------------------------------------------------------')
print('Connecting to NTP')
ntptime.host = "de.pool.ntp.org"
ntptime.settime()
print('Current time: ' + str(time.localtime()))
# Connect to HiveMQ
print('----------------------------------------------------------------------------------------------')
print('Loading CA Certificate')
with open("/certs/hivemq-com-chain_2_only.der", 'rb') as f:
cacert = f.read()
f.close()
print('Obtained CA Certificate')
# Based on https://www.tomshardware.com/how-to/send-and-receive-data-raspberry-pi-pico-w-mqtt
print('----------------------------------------------------------------------------------------------')
print("Connecting to " + secrets["broker"] + " as user " + secrets["mqtt_username"])
sslparams = {'server_side': False,
'key': None,
'cert': None,
'cert_reqs': ussl.CERT_REQUIRED,
'cadata': cacert,
'server_hostname': secrets["broker"]}
client = MQTTClient(client_id="picow",
server=secrets["broker"],
port=secrets["port"],
user=secrets["mqtt_username"],
password=secrets["mqtt_key"],
keepalive=3600,
ssl=True,
ssl_params=sslparams)
client.connect()
print('Connected to MQTT Broker: ' + secrets["broker"])
# Send a message to HiveMQ
client.publish('test', 'lalalala')
Output:
----------------------------------------------------------------------------------------------
Connecting to AP: ***
Connected on attempt: 1
WiFi status: ('172.16.1.88', '255.255.255.0', '172.16.1.1', '172.16.1.1')
----------------------------------------------------------------------------------------------
Connecting to NTP
Current time: (2022, 9, 10, 15, 21, 57, 5, 253)
----------------------------------------------------------------------------------------------
Loading CA Certificate
Obtained CA Certificate
----------------------------------------------------------------------------------------------
Connecting to f250***.s1.eu.hivemq.cloud as user picow-user
Connected to MQTT Broker: f250***.s1.eu.hivemq.cloud
Seeing is believing 