HTTPS ESP-IDF

baotd_innova
Posts: 11
Joined: Tue Jan 30, 2024 2:00 am

HTTPS ESP-IDF

Postby baotd_innova » Sat Sep 28, 2024 4:21 am

Hi,

I have a problem for certificate key https with esp-idf V5.1.3. I have hardcoded the certificate key in the code, but after a period of time, the certificate key in my tool becomes outdated. I need a solution for this issue.

Thank you for your support.
Best regards,
Bao Doan

MicroController
Posts: 1832
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: HTTPS ESP-IDF

Postby MicroController » Sat Sep 28, 2024 8:05 pm

Solution 1: Don't make your certificate expire.
Solution 2: Update the firmware whenever you want to replace the certificate.
Solution 3: Store the certificate seperate from your application, e.g. in NVS or a dedicated data partition; then update the certificate from within the firmware (NVS or partition) or by flashing a new certificate to the data partition.

baotd_innova
Posts: 11
Joined: Tue Jan 30, 2024 2:00 am

Re: HTTPS ESP-IDF

Postby baotd_innova » Mon Sep 30, 2024 2:19 am

Hi MicroController,

Is there an automatic mechanism to update certificates ?
I currently have certificates stored in a dedicated data partition so they can be updated. So I need a solution to update certificates.

Thanks for your reply.
Best regards,
Bao Doan

MicroController
Posts: 1832
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: HTTPS ESP-IDF

Postby MicroController » Mon Sep 30, 2024 8:35 pm

Maybe you're looking for an ACME client, like this one; or maybe not.

greycon
Posts: 33
Joined: Fri Nov 03, 2023 9:59 pm

Re: HTTPS ESP-IDF

Postby greycon » Tue Oct 01, 2024 9:23 pm

Hi, are you storing a Public Key in your certificate? So you are verifying the identity of an SSL partner? Or are you storing a private key, so you are using this key to sign some data, or to send a client-cert in an SSL handshake?

baotd_innova
Posts: 11
Joined: Tue Jan 30, 2024 2:00 am

Re: HTTPS ESP-IDF

Postby baotd_innova » Wed Oct 02, 2024 9:25 am

Hi greycon,
Currently, I use the key to sign some data, and I am storing a public key.

MicroController
Posts: 1832
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: HTTPS ESP-IDF

Postby MicroController » Wed Oct 02, 2024 10:03 am

We're not getting anywhere here. Please be more specific.

You mentioned HTTPS. Is the certificate in question used for HTTPS? If so, is the ESP running an HTTPS client or server?

You cannot sign data with a public key. So does the ESP sign any data or does it only verify a signature from elsewhere?

Where does the certificate come from? Is it self-signed or signed by a third party (CA, i.e. certificate chain with trusted root certificate)?

Who is online

Users browsing this forum: No registered users and 73 guests