Hi,
I need guidence. We are making IoT infrastructure with ESP32C3, ESP-IDF. I need MQTT WSS, MQTTS and HTTPS requests. So far I used OpenSSL to peek cerificate of servers and extract PEM file (examples). Everything is working. But how should it look like in production code?
My idea: do the same on ESP during runtime upon connection failure, recreate those files by connecting to the server.
I'm quite rookie in IoT.
SSL/TLS PEM file during runtime
-
- Posts: 1696
- Joined: Mon Oct 17, 2022 7:38 pm
- Location: Europe, Germany
Re: SSL/TLS PEM file during runtime
For basic TLS/HTTPS/MQTTS you don't need or want to know or store servers' certificates on the client.
Normally the client knows and trusts a list of long-term Root (CA) certificates, from which it dynamically establishes a (temporary) chain of trust for a given server's current certificate provided by the server during the TLS handshake.
mbedtls/ESP-IDF will by default do this for you automatically: https://docs.espressif.com/projects/esp ... undle.html
Normally the client knows and trusts a list of long-term Root (CA) certificates, from which it dynamically establishes a (temporary) chain of trust for a given server's current certificate provided by the server during the TLS handshake.
mbedtls/ESP-IDF will by default do this for you automatically: https://docs.espressif.com/projects/esp ... undle.html
Last edited by MicroController on Thu May 23, 2024 9:48 am, edited 3 times in total.
Re: SSL/TLS PEM file during runtime
Thank you! That really helped
Who is online
Users browsing this forum: No registered users and 268 guests