HTTPS ESP-IDF

Postby baotd_innova » Sat Sep 28, 2024 4:21 am

Hi,

I have a problem with the HTTPS certificate key in ESP-IDF V5.1.3. I have hardcoded the certificate key in the code, but after a period of time, the certificate key in my tool becomes outdated. I need a solution for this issue.

Thank you for your support.
Best regards,
Bao Doan

Postby MicroController » Sat Sep 28, 2024 8:05 pm

Solution 1: Don't make your certificate expire.
Solution 2: Update the firmware whenever you want to replace the certificate.
Solution 3: Store the certificate separate from your application, e.g. in NVS or a dedicated data partition; then update the certificate from within the firmware (NVS or partition) or by flashing a new certificate to the data partition.
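
Added example, not part of the thread or of ESP-IDF: one way to make the "dedicated data partition" option survive an interrupted or bad update, by keeping two certificate slots and always reading the newest slot that validates. The slot layout, `SLOT_MAGIC`, and the names `cert_select` and `cert_update` are assumptions made for this sketch, and a RAM buffer stands in for the flash partition; the stored PEM keeps its trailing NUL because mbedTLS expects PEM input to be NUL-terminated.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define SLOT_MAGIC 0x43455254u /* constructed marker for this example */
#define SLOT_SIZE  4096u       /* assumed: one flash sector per slot */
#define SLOT_COUNT 2u
typedef struct { uint32_t magic, seq, len, crc; } slot_hdr_t; /* len includes the NUL */

static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *p++;
        for (int k = 0; k < 8; k++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Return the PEM text if the slot is intact and starts like a certificate, else NULL. */
static const char *slot_pem(const uint8_t *slot, slot_hdr_t *h) {
    static const char begin[] = "-----BEGIN CERTIFICATE-----";
    const uint8_t *pem = slot + sizeof *h;
    memcpy(h, slot, sizeof *h);
    if (h->magic != SLOT_MAGIC || h->len < sizeof begin || h->len > SLOT_SIZE - sizeof *h) return NULL;
    if (pem[h->len - 1] != '\0' || crc32_calc(pem, h->len) != h->crc) return NULL;
    return memcmp(pem, begin, sizeof begin - 1) == 0 ? (const char *)pem : NULL;
}

/* Reader: index of the valid slot with the highest sequence number, or -1 if none. */
int cert_select(const uint8_t *part, const char **pem, size_t *len) {
    int best = -1; uint32_t best_seq = 0; slot_hdr_t h;
    for (unsigned i = 0; i < SLOT_COUNT; i++) {
        const char *p = slot_pem(part + i * SLOT_SIZE, &h);
        if (p && (best < 0 || h.seq > best_seq)) { best = (int)i; best_seq = h.seq; *pem = p; *len = h.len; }
    }
    return best;
}

/* Updater: overwrite only the inactive slot, body first and header last. */
int cert_update(uint8_t *part, const char *pem) {
    const char *cur; size_t cur_len, n = strlen(pem) + 1; slot_hdr_t h = {0};
    if (n > SLOT_SIZE - sizeof h) return -1;
    int active = cert_select(part, &cur, &cur_len), target = active == 0 ? 1 : 0;
    if (active >= 0) memcpy(&h, part + active * SLOT_SIZE, sizeof h);
    uint8_t *slot = part + target * SLOT_SIZE;
    h = (slot_hdr_t){ SLOT_MAGIC, h.seq + 1, (uint32_t)n, crc32_calc((const uint8_t *)pem, n) };
    memset(slot, 0xFF, SLOT_SIZE);           /* stands in for a flash sector erase */
    memcpy(slot + sizeof h, pem, n);
    memcpy(slot, &h, sizeof h);
    return slot_pem(slot, &h) ? target : -1; /* reject blobs that are not PEM certificates */
}
```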

Postby baotd_innova » Mon Sep 30, 2024 2:19 am

Hi MicroController,

Is there an automatic mechanism to update certificates?
I currently have certificates stored in a dedicated data partition so they can be updated. So I need a solution to update certificates.

Thanks for your reply.
Best regards,
Bao Doan

Postby MicroController » Mon Sep 30, 2024 8:35 pm

Maybe you're looking for an ACME client, like this one; or maybe not.

Postby greycon » Tue Oct 01, 2024 9:23 pm

Hi, are you storing a Public Key in your certificate? So you are verifying the identity of an SSL partner? Or are you storing a private key, so you are using this key to sign some data, or to send a client-cert in an SSL handshake?

Postby baotd_innova » Wed Oct 02, 2024 9:25 am

Hi greycon,
Currently, I use the key to sign some data, and I am storing a public key.

Postby MicroController » Wed Oct 02, 2024 10:03 am

We're not getting anywhere here. Please be more specific.

You mentioned HTTPS. Is the certificate in question used for HTTPS? If so, is the ESP running an HTTPS client or server?

You cannot sign data with a public key. So does the ESP sign any data or does it only verify a signature from elsewhere?

Where does the certificate come from? Is it self-signed or signed by a third party (CA, i.e. certificate chain with trusted root certificate)?
