Connect ESP32 to AWS IoT Core via MQTT with TLS Certificate Authentication

Introduction

This tutorial will guide you through the process of connecting an ESP32 device to AWS IoT Core using MQTT over mutual TLS on port 8883. AWS IoT authenticates the device by the X.509 client certificate and private key it presents, and the device authenticates AWS by checking the broker's certificate against the Amazon root CA, so neither side talks to an impostor and the traffic is encrypted. By the end of this tutorial, you will have a working ESP32 MQTT client that can publish and subscribe securely.

Prerequisites

  • Basic understanding of Arduino IDE and ESP32 programming.
  • An AWS account with access to AWS IoT Core.
  • ESP32 development board.
  • Arduino IDE installed with ESP32 board support.
  • MQTT client library for ESP32 (e.g., PubSubClient) plus the WiFiClientSecure library that ships with the ESP32 board package, which provides the TLS socket.
  • OpenSSL installed on your local machine (optional: only needed if you want to generate the private key yourself instead of letting AWS generate it).

Parts/Tools

  • ESP32 development board
  • USB cable for programming
  • Computer with Arduino IDE
  • Access to AWS IoT Core
  • OpenSSL (optional) for generating your own key pair and certificate signing request

Steps

  1. Set up AWS IoT Core:
    1. Log into your AWS account and open the IoT Core console in the region you intend to use.
    2. Create a new “Thing” by selecting “Manage” then “Things” and clicking “Create.” Follow the wizard to name your Thing. Plan to use the Thing name as the MQTT client ID; it makes writing a least-privilege policy much simpler.
    3. Generate certificates by selecting “Secure,” then “Certificates,” and click on “Create certificate.” Let AWS generate the key pair and download the following files. The private key is offered exactly once; if you close the page without downloading it you must create a new certificate.
      • Device certificate
      • Private key
      • Amazon root CA certificate (Amazon Root CA 1 for the default “-ats” endpoint)
    4. Create an IoT policy, attach it to the certificate, and attach the certificate to the Thing. A policy allowing `iot:*` on `Resource: *` works for a first test, but it lets anyone holding that certificate connect as any client ID and read or write every topic in your account. Before going beyond a test, restrict it to `iot:Connect` on the client ARN (arn:aws:iot:<region>:<account>:client/<thing-name>), `iot:Publish` and `iot:Receive` on the specific topic ARNs, and `iot:Subscribe` on the matching topicfilter ARNs. Finally, confirm the certificate status is “Active”; an inactive certificate is rejected at connect time.
  2. (Optional alternative to step 1.3) Generate your own key and CSR using OpenSSL. This keeps the private key on your machine instead of having AWS generate and transmit it:
    1. Open your terminal and generate a new private key. Keep this file private (e.g., chmod 600); anyone who copies it can impersonate your device:
      openssl genrsa -out private.pem.key 2048
    2. Create a certificate signing request (CSR) for that key:
      openssl req -new -key private.pem.key -out cert.csr
    3. Have AWS IoT sign the CSR. Do not self-sign it with `openssl x509 -req -signkey`: AWS IoT only accepts device certificates issued by AWS IoT itself or by a CA you have registered with it, so a self-signed certificate will fail the TLS handshake. In the console, choose “Create certificate” and upload cert.csr (or use the `aws iot create-certificate-from-csr` CLI command), then download the signed device certificate. Attach a policy to it and attach it to the Thing exactly as in step 1.4.
  3. Configure Arduino IDE for ESP32:
    1. Open the Arduino IDE and go to File → Preferences.
    2. Add the ESP32 board URL to the “Additional Board Manager URLs” field.
    3. Go to Tools → Board → Board Manager and install the ESP32 board package.
  4. Write the Arduino Code:
    1. Create a new sketch in Arduino IDE and include the necessary libraries (the Wi-Fi stack, the TLS client from the ESP32 board package, and the MQTT client):
      #include <WiFi.h>
      #include <WiFiClientSecure.h>
      #include <PubSubClient.h>
    2. Define your WiFi and MQTT settings. The MQTT server is your account's device data endpoint, shown under “Settings” in the IoT Core console; use the one ending in -ats.iot.<region>.amazonaws.com, which is the endpoint the Amazon Root CA 1 certificate validates:
      const char* ssid = "your_SSID";
      const char* password = "your_PASSWORD";
      const char* mqtt_server = "your_aws_endpoint";
    3. Embed the TLS credentials as PEM strings (they are compiled into the firmware, not read from files at runtime). Each line of the PEM, including the BEGIN and END lines, must end with a newline, and the key must be the one that belongs to the certificate:
      const char* rootCA = "-----BEGIN CERTIFICATE-----\n...your Amazon root CA...\n-----END CERTIFICATE-----\n";
      const char* privateKey = "-----BEGIN PRIVATE KEY-----\n...your private key...\n-----END PRIVATE KEY-----\n";
      const char* clientCert = "-----BEGIN CERTIFICATE-----\n...your device certificate...\n-----END CERTIFICATE-----\n";
    4. Implement the MQTT connection logic and message handling: load the three PEM strings into the WiFiClientSecure object with setCACert, setCertificate and setPrivateKey, point PubSubClient at the endpoint on port 8883, connect with the Thing name as the client ID (the ID your policy allows), register a callback for incoming messages, and call the client's loop function regularly so keep-alives and subscriptions are serviced. Never call setInsecure() to make the connection “work”: it disables server certificate verification and lets anyone on the network path impersonate AWS.
  5. Upload the Code to ESP32:
    1. Connect your ESP32 to the computer via USB.
    2. Set the correct board and port in the Arduino IDE.
    3. Click on the upload button to compile and upload the code to the ESP32.
  6. Test the MQTT Connection:
    1. Open the serial monitor in Arduino IDE to view debug information.
    2. If successful, the serial monitor shows the ESP32 obtaining an IP address and connecting to AWS IoT Core. Open the MQTT test client in the IoT Core console, subscribe to the topic the sketch publishes to and confirm the messages arrive, then publish a message to the topic the sketch subscribes to and confirm it appears in the serial monitor.
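As an added example that is not code from the original tutorial, the sketch below ties steps 4.1 to 4.4 together into a complete client with mutual TLS, reconnection and basic error reporting. The Wi-Fi credentials, endpoint, Thing name and topic names are placeholders you must replace, and the three PEM blocks are placeholders for the files downloaded in step 1 (assumed values, not taken from the page). Raw string literals are used for the PEM material so the line breaks from the downloaded files are preserved without manual "\n" escaping.

```arduino
#include <WiFi.h>
#include <WiFiClientSecure.h>
#include <PubSubClient.h>

// ---- Assumed settings: replace every value with your own ----
const char* WIFI_SSID     = "your_SSID";
const char* WIFI_PASSWORD = "your_PASSWORD";
// Device data endpoint from the IoT Core console ("Settings"); must be the -ats one.
const char* AWS_ENDPOINT  = "xxxxxxxxxxxxxx-ats.iot.us-east-1.amazonaws.com";
const int   AWS_PORT      = 8883;           // MQTT over TLS; AWS IoT does not serve plain 1883
const char* THING_NAME    = "esp32-demo";   // Used as client ID; must match the iot:Connect ARN in your policy
const char* PUB_TOPIC     = "esp32-demo/telemetry";
const char* SUB_TOPIC     = "esp32-demo/commands";

// Placeholders for the PEM files from step 1. Paste the full file contents between the markers.
static const char AWS_ROOT_CA[] = R"EOF(
-----BEGIN CERTIFICATE-----
...Amazon Root CA 1 goes here...
-----END CERTIFICATE-----
)EOF";

static const char DEVICE_CERT[] = R"EOF(
-----BEGIN CERTIFICATE-----
...device certificate goes here...
-----END CERTIFICATE-----
)EOF";

static const char DEVICE_KEY[] = R"EOF(
-----BEGIN RSA PRIVATE KEY-----
...device private key goes here...
-----END RSA PRIVATE KEY-----
)EOF";

WiFiClientSecure tlsClient;
PubSubClient mqtt(tlsClient);

// Called by PubSubClient for every message on a subscribed topic.
void onMessage(char* topic, byte* payload, unsigned int length) {
  Serial.printf("RX [%s] ", topic);
  Serial.write(payload, length);   // payload is not NUL-terminated; write exactly `length` bytes
  Serial.println();
}

void connectWiFi() {
  WiFi.mode(WIFI_STA);
  WiFi.begin(WIFI_SSID, WIFI_PASSWORD);
  Serial.print("Connecting to WiFi");
  while (WiFi.status() != WL_CONNECTED) {
    delay(500);
    Serial.print('.');
  }
  Serial.println(" connected, IP: " + WiFi.localIP().toString());
}

// Bounded retry loop so a misconfiguration is reported instead of spinning silently.
bool connectMqtt() {
  for (int attempt = 1; attempt <= 5 && !mqtt.connected(); ++attempt) {
    Serial.printf("MQTT connect attempt %d... ", attempt);
    if (mqtt.connect(THING_NAME)) {
      Serial.println("ok");
      mqtt.subscribe(SUB_TOPIC);   // needs iot:Subscribe on the topicfilter ARN
      return true;
    }
    // PubSubClient state(): -2 = TCP/TLS connect failed (endpoint, CA or client cert problem),
    // -3 = connection lost (AWS closed it; often a policy or client-ID mismatch), 5 = not authorized.
    Serial.printf("failed, state=%d\n", mqtt.state());
    delay(2000);
  }
  return mqtt.connected();
}

void setup() {
  Serial.begin(115200);
  connectWiFi();

  // Mutual TLS: the CA lets the ESP32 verify AWS; cert + key let AWS verify the ESP32.
  tlsClient.setCACert(AWS_ROOT_CA);
  tlsClient.setCertificate(DEVICE_CERT);
  tlsClient.setPrivateKey(DEVICE_KEY);
  // Deliberately no tlsClient.setInsecure(): that would skip server verification and allow MITM.

  mqtt.setServer(AWS_ENDPOINT, AWS_PORT);
  mqtt.setCallback(onMessage);
  mqtt.setBufferSize(512);   // the 256-byte default is easily exceeded by JSON payloads
  connectMqtt();
}

void loop() {
  if (!mqtt.connected()) {
    connectMqtt();
  }
  mqtt.loop();   // services keep-alives and dispatches incoming messages to onMessage

  static unsigned long lastPublish = 0;
  if (millis() - lastPublish > 10000) {
    lastPublish = millis();
    char payload[96];
    snprintf(payload, sizeof(payload), "{\"device\":\"%s\",\"uptime_ms\":%lu}", THING_NAME, millis());
    if (!mqtt.publish(PUB_TOPIC, payload)) {   // needs iot:Publish on the topic ARN
      Serial.println("publish failed (connection dropped or topic not permitted by policy)");
    }
  }
}
```

If the connect loop keeps printing state=-2, the TLS handshake itself is failing, so recheck the endpoint name, the root CA and that the certificate and key belong together; if the connection is established and then dropped (state=-3), AWS accepted the TLS session but the policy did not allow the client ID, subscription or publish that followed.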

Troubleshooting

  • If the ESP32 fails to connect, check that each PEM string contains the complete BEGIN/END lines with a newline after every line, that the private key is the one generated with the certificate, and that the certificate is marked “Active” in the console and attached to both the policy and the Thing.
  • Check your WiFi credentials and confirm in the serial monitor that the ESP32 obtained an IP address before the MQTT connect is attempted.
  • Verify the AWS IoT policy attached to the certificate allows the exact client ID the sketch connects with and the exact topics it publishes to and subscribes on; AWS IoT silently closes the connection on a policy denial rather than returning an error message.
  • Confirm the endpoint is the -ats one for your region and that you are using port 8883; the Amazon root CA you embedded must be the one that issued that endpoint's certificate.
  • Look at the PubSubClient state code and any TLS error printed in the serial monitor for clues about where the connection fails.

Conclusion

You have successfully connected your ESP32 to AWS IoT Core using MQTT with mutual TLS authentication. This secure connection allows you to send and receive messages, making it a solid foundation for IoT applications. One caveat before shipping anything: with this approach the private key sits in plaintext in flash and can be read back over USB by anyone with physical access, so for production devices enable the ESP32's flash encryption and secure boot, or keep the key in a secure element, and give each device its own certificate so one compromised device can be revoked without affecting the rest. Continue to explore further functionalities and features to enhance your projects.
