Good day! I'm using ESPAsyncWebServer, and I control my components through a website using the ESP32's IP address. However, it is not secure, as shown in the image below. How can I make it secure so I can allow website access to features like the microphone, etc.?
To the best of my knowledge, although it is technically feasible, the library in question either does not support this functionality or it is very poorly documented.
In my opinion, the primary reason for this is that it is not critical for most use cases. If your ESP32 is located within a well-secured LAN, the added benefit of encrypted communication is minimal.
Conversely, if you need to control your device remotely over the Internet, doing so requires opening router ports and assigning a static IP address—both of which are generally considered poor practices in terms of web security.
If you need an HTTPS server, you can take a look at: GitHub - fhessel/esp32_https_server: Alternative ESP32 Webserver implementation for the ESP32 Arduino Core, supporting HTTPS and HTTP.
You cannot have a legit certificate for private IP addresses, like 192.168.*.* or 10.*.*.*. Certs are usually associated with host names. Public IP addresses are allowed.
Earlier thread which discusses a newer (but now archived) library, HTTPS_Server_Generic, a derivative of esp32_https_server that supposedly supports more ESP32 boards/platforms.
You can use a self-signed certificate for a local IP address as well. The browser would consider the connection to be safe. If you manually enter the certificate into the trust store, it will be completely seamless. And if you are using it from a local network, you would still be 100% sure that it was you that created the certificate.
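The self-signed approach from the post above, as an added example that is not part of the thread: it issues a certificate whose subjectAltName lists a private IP, then checks that the certificate covers that IP and that it verifies only once it is in the trust store. The address `192.168.1.50`, the name `esp32.local` and the function names are constructed placeholders; OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example: self-signed certificate for a device reached by private IP.
# ESP_IP and ESP_HOST are constructed placeholders; use the device's own values.
ESP_IP="${ESP_IP:-192.168.1.50}"
ESP_HOST="${ESP_HOST:-esp32.local}"

# make_cert DIR: write DIR/key.pem and DIR/cert.pem (RSA-2048, valid 365 days).
# Browsers match the address bar against subjectAltName, not the CN,
# so the IP has to be listed there.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$ESP_HOST" \
        -addext "subjectAltName=IP:$ESP_IP,DNS:$ESP_HOST" 2>/dev/null
    chmod 600 "$1/key.pem"   # the private key stays on the device only
}

# cert_covers_ip CERT IP: succeed only if IP appears in the certificate's SAN.
cert_covers_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" 2>&1 | grep -q 'does match'
}

# is_trusted CERT [STORE]: chain verification, optionally with STORE
# (a PEM bundle) added as trust anchors. Without STORE only the system
# defaults are used, which is how a client sees the certificate before
# it has been imported.
is_trusted() {
    if [ -n "${2:-}" ]; then
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
    else
        openssl verify "$1" >/dev/null 2>&1
    fi
}

# Run as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    out=$(mktemp -d)
    make_cert "$out"
    # Compare this fingerprint with the one the browser shows before importing.
    openssl x509 -in "$out/cert.pem" -noout -fingerprint -sha256
    echo "key and certificate written to $out"
fi
```

Import only `cert.pem` into the client's trust store; a certificate issued for one address fails the name check as soon as the device's IP changes, so reissue it when that happens.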
To make your ESPAsyncWebServer secure, you need to enable HTTPS, which requires an SSL/TLS certificate. Since the ESP32 has limited resources, you can use a reverse proxy like Nginx or Cloudflare Tunnel to handle HTTPS externally, or consider hosting security-critical features on a separate secure server.
