copercini / esp8266-aws_iot

Some examples using x.509 certificates and TLSv1.2 under Arduino IDE

CA certificate

izaiasemjr opened this issue · comments

Just a doubt: I noticed that the code that loads the CA file is commented out. Is this normal? I have used it without the CA and it works fine, but sometimes the esp8266 loses connection and does not reconnect automatically. I don't know if this is related to the failure to reconnect, but even so I would like to know why the CA is not used.

I was running into similar trouble and managed to resolve it by undoing the comments and creating the ca.der file. You can see what I did here.

I also uncommented the root certificate part certificates_esp8266_bin_CA and used the same logic (convert the .cert to DER, use xxd -i root_ca.der and paste the result into the .h file).

I want to thank the author for the quality and clarity of his code. I went through a lot of esp32 mqtt examples with the AWS identification process, and this one simply works.

I still do not understand why, on top of those three credentials (private key, certificate, root certificate), we have to upload the data folder with the private key and certificate into the SPIFFS. Is it really necessary?

Again, thumbs up for this repository.

@clementlefevre Converting from PEM to DER is intended to use as little memory as possible, but you can hardcode it instead of uploading to SPIFFS, like this other example: https://github.com/copercini/esp8266-aws_iot/blob/master/examples/MQTT_x509_bin/MQTT_x509_bin.ino
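The conversion discussed in the comments above (certificate to DER, then `xxd -i` style output pasted into the .h file), as an added Python example that is not code from this repository or from any commenter. It assumes the root CA is available as PEM text, reuses the array name certificates_esp8266_bin_CA mentioned above, and its embedded sample is a constructed 5-byte placeholder, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def check_der_sequence(der):
    """Cheap sanity check: outer tag is SEQUENCE and its length covers the blob."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated or padded DER")

def pem_to_der(pem_text):
    """Return the DER bytes of the first CERTIFICATE block in pem_text."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    check_der_sequence(der)
    return der

def to_c_array(der, name):
    """Format bytes the way `xxd -i` does: 12 per line plus a <name>_len variable."""
    rows = ["  " + ", ".join("0x%02x" % b for b in der[i:i + 12])
            for i in range(0, len(der), 12)]
    return ("unsigned char %s[] = {\n%s\n};\nunsigned int %s_len = %d;\n"
            % (name, ",\n".join(rows), name, len(der)))

# Constructed sample: a 5-byte DER SEQUENCE wrapped as PEM, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n"
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # Array name taken from the thread; the _len suffix follows xxd -i's convention.
    print(to_c_array(pem_to_der(SAMPLE_PEM), "certificates_esp8266_bin_CA"))
```

The length check rejects a file that was cut short during copy and paste before it ends up compiled into the sketch.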

The code works for me whether I load the CA or not... I am wondering if the library is not able to find its way through a chain of CAs to a default root CA in the library? In any case my connection takes a few seconds and in debug stl I see a bunch of certificates going through: if I am right, is there a way to make the connection faster by specifying as root the CA used by AWS to sign my thing?