Hi, I'm trying to make https requests from an esp8266/esp32 without specifying the fingerprint/certificate
What I want is for the esp itself to obtain the necessary data for secure communication, which library/method/system should I use?
Obviously you have no clue how TLS (that's the 'S' in HTTPS) works. Your ESP will work fine if your server uses an official CA to get its certificate. If the server uses a self-signed certificate (or something similar like using your own CA, which I preclude here given your experience) you have to provide that certificate.
Are you sure you need a secure communication? In that case you should learn about these things because you don't get security without a good knowledge about how that works and what trust you need or don't need.
Let's see. First of all, I know exactly what TLS/SSL is, I'm in IT, but in ALL the examples/documentation that I've been able to find, you have to specify the fingerprint or the certificate; it doesn't matter if it's a page with a self-signed certificate or with a CA server. Now, if you have an example that does it automatically, show it instead of simply saying that I have no idea what I'm talking about.
Yes, I need a secure communication since it is the connection with an API.
I had no intention to snub you. I've seen in many tutorials that at least www.google.com can be accessed without providing the root certificate.
How do you expect to get the necessary information about the trusted CA certificate? Of course you can call setInsecure() on the client to disable the certificate trust status check but you wrote you need secure communication and not that you just need a TLS enabled connection.
Why isn't it possible to simply provide the CA root certificate of that API server to the sketch you're programming? What API is it? Does the API server provide the CA certificate?
I suppose that the method would be similar to what a browser does: it connects to the website over http, obtains its certificate and switches to https.
Because it must be an independent system, it should not require reprogramming every 6 months.
It's a BD API that I'm programming.
The server has a self-signed certificate.
Which browser does it that way? None that I'm aware of. Browsers have a list of trusted CA root certificates and accept all certificates that have such a certificate as the root signer.
And you wrote you need a secure connection, that process is definitely not secure. If that level of "security" is enough for your purpose, just call setInsecure() on the client object and you're done.
What keeps you from creating your own certificate with a 10 year expiration and providing that certificate (self-signed) or its CA cert to the sketch?
BD API is not a term I'm familiar with. What does it mean?
As I wrote above, make the certificate long-lasting and you're done.
Each website has its own certificate, in theory, or there are two the same, browsers do store some certificates, but those they do not have, or when they expire, you must obtain them from somewhere; what I'm trying to do is carry out the same process.
No, setInsecure is not enough, I'm trying to make the connection private, through https.
The main problem is that I'm trying to make the final result connect to any server with my API; if I do it with a fixed certificate, I won't be able to do it like this.
I call it DB API, but because there is nothing similar that I have found, it is a system that by means of a key and a number, you can access some variables in .json format.
Each team that joins will connect to the server's IP through a sweep of queries and this will contain the file with the variables.
Sorry, but for an IT pro you know alarmingly little about TLS. Not every website has its own certificate, only the ones that are available over HTTPS.
If such a certificate expires the browser does not connect and shows a bold warning but the only way to get around that warning is to get a new certificate and install it on the server.
The process you're describing doesn't exist in reality.
The connection will still be over HTTPS, just the certificate isn't checked anymore. I assume that's exactly what you're trying to achieve.
OK, then activate the setInsecure() flag. That will solve the mentioned problems. You won't get a secure connection but given your requirements this isn't possible anyway.
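Added example, not part of any post in this thread: an ESP8266 sketch that follows the suggestion above of giving the sketch your own long-lived certificate, using `setTrustAnchors()`, with the `setInsecure()` alternative shown commented out for comparison. The Wi-Fi credentials, URL, NTP server and PEM body are placeholders.

```arduino
// Added example for the ESP8266 Arduino core. All names and values marked
// "placeholder" are assumptions and must be replaced with your own.
#include <ESP8266WiFi.h>
#include <ESP8266HTTPClient.h>
#include <WiFiClientSecureBearSSL.h>
#include <time.h>

const char* WIFI_SSID = "your-ssid";                          // placeholder
const char* WIFI_PASS = "your-password";                      // placeholder
const char* API_URL   = "https://api.example.lan/vars.json";  // placeholder endpoint

// PEM of your own long-lived CA, or of the server's self-signed certificate.
static const char CA_PEM[] PROGMEM = R"PEM(
-----BEGIN CERTIFICATE-----
...paste your own certificate here (placeholder)...
-----END CERTIFICATE-----
)PEM";

BearSSL::X509List trustAnchor(CA_PEM);

void setup() {
  Serial.begin(115200);
  WiFi.mode(WIFI_STA);
  WiFi.begin(WIFI_SSID, WIFI_PASS);
  while (WiFi.status() != WL_CONNECTED) delay(250);

  // Certificate validity dates can only be checked once the clock is set.
  configTime(0, 0, "pool.ntp.org");
  while (time(nullptr) < 8 * 3600 * 2) delay(250);

  BearSSL::WiFiClientSecure client;
  client.setTrustAnchors(&trustAnchor);  // verified: the chain must end at CA_PEM
  // client.setInsecure();               // unverified: encrypted, but any server is accepted

  HTTPClient https;
  if (https.begin(client, API_URL)) {
    int code = https.GET();              // a negative value means connect/handshake failed
    Serial.printf("HTTP status: %d\n", code);
    if (code == HTTP_CODE_OK) Serial.println(https.getString());
    https.end();
  }
}

void loop() {}
```

On the ESP32 core the corresponding call on `WiFiClientSecure` is `setCACert()`.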