ESP32 Forum

Hi,

I'm currently working with several ESP32 and OTA updates.

Since my app uses SSL/TLS certificates, I currently uses the following lines of code to get my .pem certificates from my project/server_certs folder and use them in my HTTPS client config :
Since I want to implement OTA for several ESP32 devices and update them all at the time using HTTPS OTA, I want to make sure they keep their own SSL certificate, meaning that I want to find a way to save the certificates somewhere in the memory that will not be erased during OTA update.

Any advice about the way to do this?

Thanks for your help

I finally found a way to avoid certificate substitution during OTA, by creating a SPIFFS partition in the ESP32 memory and saving the certificate inside of it.

Let me know if you wonder the way to do so, I would be happy to share my solution in details !

Hey Wasabinary,

I try to solve the same problem.
Could you pls share your solution in some detail?

Thank you

Klaas

Hi aeropagz,

To avoid certificate substitution, you may need to create a file system partition in the ESP32 flash (like SPIFFS or FatFS). To do so, you need to use a custom partition table (see Partition Table menu in sdkconfig of your project) where you add a fiel system partition. Inside of it, you can place your certificate, init the partition in your code and retrieve your files when you need them.

As you probably already know, HTTPS OTA update requires at least the otadata, ota_0 and ota_1 partitions, which are the only ones that are updated during the process. That means that your filesystem partition will not be changed during the update, which allows you to keep your certificate unharmed.

Let me know if you need more help