Page 1 of 1
HTTPS ESP-IDF
Posted: Sat Sep 28, 2024 4:21 am
by baotd_innova
Hi,
I have a problem for certificate key https with esp-idf V5.1.3. I have hardcoded the certificate key in the code, but after a period of time, the certificate key in my tool becomes outdated. I need a solution for this issue.
Thank you for your support.
Best regards,
Bao Doan
Re: HTTPS ESP-IDF
Posted: Sat Sep 28, 2024 8:05 pm
by MicroController
Solution 1: Don't make your certificate expire.
Solution 2: Update the firmware whenever you want to replace the certificate.
Solution 3: Store the certificate seperate from your application, e.g. in NVS or a dedicated data partition; then update the certificate from within the firmware (NVS or partition) or by flashing a new certificate to the data partition.
Re: HTTPS ESP-IDF
Posted: Mon Sep 30, 2024 2:19 am
by baotd_innova
Hi MicroController,
Is there an automatic mechanism to update certificates ?
I currently have certificates stored in a dedicated data partition so they can be updated. So I need a solution to update certificates.
Thanks for your reply.
Best regards,
Bao Doan
Re: HTTPS ESP-IDF
Posted: Mon Sep 30, 2024 8:35 pm
by MicroController
Maybe you're looking for an ACME client, like
this one; or maybe not.
Re: HTTPS ESP-IDF
Posted: Tue Oct 01, 2024 9:23 pm
by greycon
Hi, are you storing a Public Key in your certificate? So you are verifying the identity of an SSL partner? Or are you storing a private key, so you are using this key to sign some data, or to send a client-cert in an SSL handshake?
Re: HTTPS ESP-IDF
Posted: Wed Oct 02, 2024 9:25 am
by baotd_innova
Hi greycon,
Currently, I use the key to sign some data, and I am storing a public key.
Re: HTTPS ESP-IDF
Posted: Wed Oct 02, 2024 10:03 am
by MicroController
We're not getting anywhere here. Please be more specific.
You mentioned HTTPS. Is the certificate in question used for HTTPS? If so, is the ESP running an HTTPS client or server?
You cannot sign data with a public key. So does the ESP sign any data or does it only verify a signature from elsewhere?
Where does the certificate come from? Is it self-signed or signed by a third party (CA, i.e. certificate chain with trusted root certificate)?