Topic: Authenticating a Dynamic DNS server
Our company uses a wolfMQTT together with wolfSSL on a pic32 embedded client to communicate with a third party MQTT broker let's call it "domain1".
The pic32 client has "domain1" server certificate planted within the code and wolfSSL_check_domain_name() function is called to authenticate the domain. The connection is secured and is working great.
While the pic32 MQTT clients are being scattered in customer's sites all over the world, it might happen that this third party MQTT broker would not be reliable anymore.
In order to solve this possible problem, we decided to create a middle-way dns record (let's call it "domain2") in our private server that points to the dns of whatever MQTT broker that will be used in the future (currently "domain1" but can be "domain3" in the future) - like a lined list (-: .
Currently we tried changing the wolfMQTT "DEFAULT_MQTT_HOST" from pointing to good old "domain1" to pointing the middle-way DNS record "domain2" and it does not connect. I guess its because the pre-planted server certificate certificate still has "domain1" in it.
The question is: what server certificate (and its domain) is require to pre-plant inside the pic32 MQTT client in order to communicate with every possible domain that will be pointed by "domain2"(i believe this is called dynamic DNS)?
Thanks in advanced,