Updated AWS IoT (markdown)

s-hadinger 2019-08-06 11:23:44 +02:00
parent e4b1310c41
commit f30f46718d
1 changed files with 22 additions and 6 deletions

@ -202,7 +202,7 @@ If you need to reset the key store, use the command `TLSKey 0`.
We will extract the 32 bytes Private key from `tasmota-01.key` generated above. We will extract the 32 bytes Private key from `tasmota-01.key` generated above.
Simple method, use the following command: (fake key below) 1-line method, use the following command: (fake key below)
`openssl ec -in tasmota-01.key -inform PEM -outform DER | openssl asn1parse -inform DER | head -3 | tail -1 | awk -F':' '{ print $4 }' | xxd -r -p | base64 | echo "TLSKey1 $(</dev/stdin)"` `openssl ec -in tasmota-01.key -inform PEM -outform DER | openssl asn1parse -inform DER | head -3 | tail -1 | awk -F':' '{ print $4 }' | xxd -r -p | base64 | echo "TLSKey1 $(</dev/stdin)"`
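Review bot: The renamed "1-line method" still ends in `echo "TLSKey1 $(</dev/stdin)"`, and the `$(</dev/stdin)` form is a bash/zsh shortcut that yields an empty string in a plain POSIX `sh` such as dash. Please state next to the command that it needs bash, so a reader who gets a bare `TLSKey1` knows to switch to the alternative method. The pipeline also picks the key purely by position (`head -3 | tail -1`), which is worth a short mention so the reader checks that the value is a 32-byte OCTET STRING before pasting it.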
@ -222,12 +222,16 @@ hh:mm:ss CMD: TLSKey1 UvBgyCuPr/lKSgwumf/8o/mIsKQPBHn3ZZAGZl4ui9E=
hh:mm:ss MQT: stat/sonoff/RESULT = {"TLSKey1":32,"TLSKey2":-1} hh:mm:ss MQT: stat/sonoff/RESULT = {"TLSKey1":32,"TLSKey2":-1}
``` ```
If it does not work, use the following: Alternative method:
Convert the Private Key file from `PEM` to `DER` (binary format):
`openssl ec -in tasmota-01.key -inform PEM -outform DER -out tasmota-01.key.der`
Dump the `ASN.1` format from the `DER` file:
``` ```
openssl ec -in tasmota-01.key -inform PEM -outform DER | openssl asn1parse -inform DER openssl asn1parse -inform DER -in tasmota-01.key.der
read EC key
writing EC key
0:d=0 hl=2 l= 119 cons: SEQUENCE 0:d=0 hl=2 l= 119 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :01 2:d=1 hl=2 l= 1 prim: INTEGER :01
5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:52F060C82B8FAFF94A4A0C2E99FFFCA3F988B0A40F0479F7659006665E2E8BD1 5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:52F060C82B8FAFF94A4A0C2E99FFFCA3F988B0A40F0479F7659006665E2E8BD1
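Review bot: The new alternative method writes the private key to disk unencrypted with `-out tasmota-01.key.der`, where the previous pipe-only form left no extra copy. Please add a step telling the reader to delete `tasmota-01.key.der` once the `TLSKey1` command has been built, and to keep it readable only by the owner while it exists. Replacing "If it does not work, use the following:" with "Alternative method:" also drops the hint about when to fall back, so a few words on that would help.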
@ -243,7 +247,7 @@ Then convert the byte stream after `[HEX DUMP]` to base64 and use it with the `T
Similarly you will need to convert the file "**tasmota-01.cert.pem**" generated above to a Tasmota command. Similarly you will need to convert the file "**tasmota-01.cert.pem**" generated above to a Tasmota command.
Simple version, use the following command: 1-line version, use the following command:
`openssl x509 -in tasmota-01.cert.pem -inform PEM -outform DER | base64 | echo "TLSKey2 $(</dev/stdin)"` `openssl x509 -in tasmota-01.cert.pem -inform PEM -outform DER | base64 | echo "TLSKey2 $(</dev/stdin)"`
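Review bot: The 1-line version pipes the DER certificate through plain `base64`, which on GNU coreutils wraps output at 76 characters, so a certificate in the 640-700 byte range comes out as several lines inside the quoted `TLSKey2` string. The alternative added further down in this commit uses `-A` precisely to get a single line. Consider using `openssl base64 -A` here as well, or noting `base64 -w 0` for Linux, so both variants produce a command that can be pasted as one line.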
@ -263,6 +267,18 @@ hh:mm:ss MQT: stat/sonoff/IR2/RESULT = {"TLSKey1":32,"TLSKey2":641}
You need to check that both values are not "-1". The value for "TLSKey1" should always be 32. The value for "TLSKey2" varies depending on several parameters, and should be within the 640-700 bytes range. You need to check that both values are not "-1". The value for "TLSKey1" should always be 32. The value for "TLSKey2" varies depending on several parameters, and should be within the 640-700 bytes range.
Alternative version:
Convert your certificate from `PEM` to `DER` (binary) format:
`openssl x509 -in tasmota-01.cert.pem -inform PEM -outform DER -out tasmota-01.cert.der`
Then convert the Certificate to plain base64 in a single line (use `-A` flag):
`openssl base64 -e -in tasmota-01.cert.der -A -out tasmota-01.cert.b64`
Then use the command `TSLKey2 <base64>` and replace `<base64>` with the content of `tasmota-01.cert.b64`.
### Step 9. Configure Tasmota device ### Step 9. Configure Tasmota device
This is the last step, you need to configure the MQTT parameters. The easiest way is through the web console. This is the last step, you need to configure the MQTT parameters. The easiest way is through the web console.
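Review bot: The last added line of the alternative version spells the command `TSLKey2 <base64>`, but every other occurrence on the page, including the 1-line version and the `RESULT` output, is `TLSKey2`. A reader copying it verbatim would be sending a command name that appears nowhere else on the page. Please change it to `TLSKey2 <base64>`. It would also help to repeat here that the result should be checked against the 640-700 byte range mentioned just above.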