Closed TinkerType closed 5 months ago
I don't know if you need to check (Check Certs) under use https
that static ip looks odd, does it work with http?
check certs is for external sites confidence (middle man attack)
you have to get certs exactly right, a tiny mistake will fail
only use https on ESP32S3, ESP32 has insufficient memory
Thanks very much rjsachse and s60sc. I just realized my whole idea was not going to work anyway, i.e. to use https through port forwarding with just an IP. Perhaps I will try a reverse proxy instead. I appreciate your responses!
Hi s60sc and everyone who tried this... I am trying to set up https for the web server, so far without success. http is working alright, but I would really prefer https with a self-signed certificate.
I followed the comments in certificates.cpp and entered the command on line 21 with my target IP to create the prvtkey_pem and cacert_pem files. So far so good....
I replaced the lines for the private key and certificate with the respective lines from the files.
Saved it, compiled and uploaded it to the board.
Then on the access point, I configured 'Access Settings' to 'Use HTTPS' and under 'Edit Config' -> 'Wifi' I entered the target IP in the field 'Static IP address'.
Alright... Saved the config and then 'Reboot ESP'.
At this point Chrome already refused to serve the page, which was expected, so I entered the certificates under 'Security' -> 'Manage Certificates' -> 'Trusted Freaking Root Certification Authorities'. The wizard allowed browsing to the 'cacert.pem' file, which I selected, Confirmed all buttons.
Target IP shows up in the list, all seems good... but no success. Browsing to the page still shows 'This site can't be reached'.
What is interesting is that trying http:// redirects to https://, so something must be there.
The log from the serial monitor says, there is a 'Wifi Station IP' using https, so that is promising, plus the web server is listening on 443, which also seems like a good start.
Btw, I did check the firewall in my router and previously with http;// all was working fine.
If anyone knows, what's the missing piece or what steps to take from here, I would greatly appreciate it. Thanks very much.