Open cwhzzang opened 4 years ago
Hello, I have the same use case and the same question: what about reloading a certificate after expiration (need to reflash the ESP)?
And thank you for the great job!
Yes. When the certificate expires you have to:

1. generate a new certificate
2. update secure_credentials.h
3. recompile the source code
4. flash the ESP
Please keep in mind that I created this project as a proof of concept. My intention was to show, and prove, the steps required to make a secure connection. As I move forward with another more production ready project, I will make efforts to add a “secure over-the-air certificate update” feature, and other usability features, to this project.
Thanks for the process to re-inject the new certificate manually, and I agree, it is OK for a POC.
About the "auto-renew", do you plan on regularly checking for a certificate on an HTTP authenticated server, or an "OTA update" process?
My plan is to have a database that keeps track of the expiry dates of all relevant certificates. Then, where appropriate, kick off an automated process to update the certificates that are close to expiring. I feel that “regularly checking” certificates is not as secure because there is a possibility of being spoofed.
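A sketch of the expiry-tracking database described in the comment above, as an added example that is not code from this project or its author. The table layout, device names, dates and the 30-day renewal window are all constructed assumptions; the point is that the server side decides which devices need a push, so the device never has to poll for a new certificate.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed inventory (assumption): device id, certificate role, notAfter (UTC).
SAMPLE_INVENTORY = [
    ("esp-kitchen", "server", "2025-03-01T00:00:00+00:00"),
    ("esp-kitchen", "client", "2026-01-15T00:00:00+00:00"),
    ("esp-garage", "server", "2025-02-10T12:00:00+00:00"),
    ("esp-attic", "server", "2025-01-20T00:00:00+00:00"),
]


def build_inventory(rows):
    """Create the hypothetical tracking table in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE certs (device_id TEXT NOT NULL, role TEXT NOT NULL, "
        "not_after TEXT NOT NULL, PRIMARY KEY (device_id, role))"
    )
    db.executemany("INSERT INTO certs VALUES (?, ?, ?)", rows)
    return db


def renewal_queue(db, now, window_days=30):
    """List certificates that are expired or expire within window_days.

    Returns (device_id, role, status, whole_days_left) tuples, soonest first.
    Timestamps are parsed before comparison so offsets are honoured.
    """
    cutoff = now + timedelta(days=window_days)
    due = []
    query = "SELECT device_id, role, not_after FROM certs"
    for device_id, role, not_after in db.execute(query):
        expires = datetime.fromisoformat(not_after)
        if expires <= cutoff:
            # An expired certificate means the device is already failing TLS.
            status = "expired" if expires <= now else "renew"
            due.append((expires, device_id, role, status, (expires - now).days))
    due.sort()
    return [(dev, role, status, days) for _, dev, role, status, days in due]


if __name__ == "__main__":
    # Fixed, constructed "now" so the output is reproducible.
    now = datetime(2025, 2, 1, tzinfo=timezone.utc)
    for entry in renewal_queue(build_inventory(SAMPLE_INVENTORY), now):
        print(entry)
```

Each entry in the returned queue would feed whatever update step is in use; today that is the manual regenerate, recompile and flash procedure.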
Hello, thank you for your contributions. I executed your program. It worked very well. But I have a problem. I entered my server credentials in the file "secure_credentials.h". But my server certificate will expire someday. When the certificate expires, I will extend and replace the server's certificate on the server. After that, do I need to re-modify the file "secure_credentials.h"? Or is the ESP_8266 able to connect to the server without modification?