What I'm looking for is secure Peer to Peer bidirectional communications on a local network because in some cases there may not have internet access so I can't facilitate with a cloud server.
What I was trying to do. Is there another way? Or a way to make this work?
Secure websocket server on an es32 without domain using IP only. Connected to by a client in browser or mobile app.
I am posting this as a new topic because I believe I understand the handshake error I am getting is related to the Common Name of the certificate not matching the domain of the server. Please correct me if I'm wrong.
Problem: Need to connect to an esp32 websocket server with an arbitrary IP address assigned by DHCP on any local network.
For the https server example the workaround is allow to proceed to untrusted site in the browser. But for a websocket that is accessed either from the browser or an app this is not an option.
Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.
How do I get around this? I'd rather do this in a secure way. Is this just going to require an intermediary server so that both the App/Browser and the ESP32 are clients to my cloud service which acts as a pass through?
Is MQTT a better option? But I'm assuming I'll run into the same certificate issue.
Any suggestions would be very appreciated!
Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?
Re: Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?
Hi there!
>Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.
Can't you use MDNS so you can resolve the IP address? Just as the ESP32 Mesh lamps do. Reference:
https://docs.espressif.com/projects/esp ... /mdns.html
As per the Certificate issue I really don't get what is going on. But it's properly documented and there are also many examples to see how it's setted up and it should work.
Here you can see an example in one component of mine, to download a JPG image from a secure site, using a SSL certificate.
About the transport method, if it's Web socket, HTTPS or MQTT that is something of your choice depending on what favours better your implementation.
>Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.
Can't you use MDNS so you can resolve the IP address? Just as the ESP32 Mesh lamps do. Reference:
https://docs.espressif.com/projects/esp ... /mdns.html
As per the Certificate issue I really don't get what is going on. But it's properly documented and there are also many examples to see how it's setted up and it should work.
Here you can see an example in one component of mine, to download a JPG image from a secure site, using a SSL certificate.
About the transport method, if it's Web socket, HTTPS or MQTT that is something of your choice depending on what favours better your implementation.
epdiy collaborator | http://fasani.de Fan of Espressif MCUs and electronic design
Re: Help with secure Peer to Peer bidirectional communications on a local network: Websocket? MQTT? Other?
You would have to install the root certificate in the client browser or app and then generate new certificates on the esp32 device when the IP changed.Since I don't know the IP ahead of time, I can't sign a certificate with the proper IP, especially since this is bound to change.
Otherwise with an app you could use something like psk dtls which Ikea tradfri uses.
Who is online
Users browsing this forum: No registered users and 134 guests