SSL/TLS PEM file during runtime

Gienek
Posts: 10
Joined: Wed Dec 21, 2022 11:09 am

SSL/TLS PEM file during runtime

Postby Gienek » Tue May 21, 2024 10:26 am

Hi,
I need guidence. We are making IoT infrastructure with ESP32C3, ESP-IDF. I need MQTT WSS, MQTTS and HTTPS requests. So far I used OpenSSL to peek cerificate of servers and extract PEM file (examples). Everything is working. But how should it look like in production code?

My idea: do the same on ESP during runtime upon connection failure, recreate those files by connecting to the server.

I'm quite rookie in IoT.

MicroController
Posts: 1725
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: SSL/TLS PEM file during runtime

Postby MicroController » Tue May 21, 2024 12:14 pm

For basic TLS/HTTPS/MQTTS you don't need or want to know or store servers' certificates on the client.
Normally the client knows and trusts a list of long-term Root (CA) certificates, from which it dynamically establishes a (temporary) chain of trust for a given server's current certificate provided by the server during the TLS handshake.
mbedtls/ESP-IDF will by default do this for you automatically: https://docs.espressif.com/projects/esp ... undle.html
Last edited by MicroController on Thu May 23, 2024 9:48 am, edited 3 times in total.

Gienek
Posts: 10
Joined: Wed Dec 21, 2022 11:09 am

Re: SSL/TLS PEM file during runtime

Postby Gienek » Wed May 22, 2024 11:28 am

Thank you! That really helped :D

Who is online

Users browsing this forum: Google [Bot] and 245 guests