
SSL/TLS PEM file during runtime

Posted: Tue May 21, 2024 10:26 am
by Gienek
Hi,
I need guidance. We are making IoT infrastructure with ESP32C3, ESP-IDF. I need MQTT WSS, MQTTS and HTTPS requests. So far I used OpenSSL to peek at the servers' certificates and extract a PEM file (examples). Everything is working. But how should it look in production code?

My idea: do the same on ESP during runtime upon connection failure, recreate those files by connecting to the server.

I'm quite a rookie in IoT.

Re: SSL/TLS PEM file during runtime

Posted: Tue May 21, 2024 12:14 pm
by MicroController
For basic TLS/HTTPS/MQTTS you don't need or want to know or store servers' certificates on the client.
Normally the client knows and trusts a list of long-term Root (CA) certificates, from which it dynamically establishes a (temporary) chain of trust for a given server's current certificate provided by the server during the TLS handshake.
mbedtls/ESP-IDF will by default do this for you automatically: https://docs.espressif.com/projects/esp ... undle.html

Re: SSL/TLS PEM file during runtime

Posted: Wed May 22, 2024 11:28 am
by Gienek
Thank you! That really helped :D