AsafTvito flespi MQTT broker use the same SSL certificate as https://flespi.io. This is client-name based certificate supplied by the broker automatically during SSL handshake.
If you really need to use it in your client you may just download the certificate via web browser from https://flespi.io (on the address bar should be some kind of lock icon where you can click to view/export certificate).
See posts below if you need more details
where can i find flespi certificate?
i try to connect with secured connection port 8883 with this certificate downloaded from the browser without success.
i succeeded to connect with not secured connection to port 1883.
can help me to understand why?
What is the root CA?
AsafTvito, see the Certificate Hierarchy in the browser's export dialog - there is a tree like this:
GlobalSign Root CA
Just select each tree element and export it to separate file. Then open them using your text editor and join into one new text file in the order from top to bottom.
This way you will get a full-chain certificate file.
i have done it and i get error : Handshake Failed regard to certificate.
AsafTvito, you may test your full-chain certificate using curl like this:
curl --cacert full-chain.p7c -v https://flespi.io
where full-chain.p7c is your filename with 3 certificates.
If curl will output you a lot of HTML code - then your certificate file is ok.
What is the root CA of flespi?
Can be found on certmgr under Trusted Root Certificate
AsafTvito You can check this yourself using browser after navigating to https://flespi.io - the certificate in broker is the same.
i use it on my IOT and i get handshake error the error point on the root CA
i do not need the broker certificate i need the root certificate CA.
@AsafTvito, please read again the post #9 above
thank you all for the help.
the root CA of flespi is globalSign.cer