0$0.00

ESP32 Tips and tricks

0 Tips And Tricks

We are experimenting with ESP32 as the core of our COSO platform. Currently, we are porting the COSO Three firmware, based on Arduino MKR1000, into ESP32.

Here is a collection of tips as we perform this task.

SSL and ESP32

As COSO Three uses https to connect to the server’s database, we need to implement SSL with the ESP32. While with Arduino MKR1000 you add the certificates to the controller using the firmware updater sketch, and configuring the certificates thorough here in the Arduino IDE:

For ESP32 you need to add the certificate in the firmware. Obviously, the renewal of certificates is a good topic (a very good idea would be to implement the remote firmware update that works quite well with ESP32).

The ESP32 examples in the Arduino IDE include a simple sketch to test your SSL: WiFIClientSecure. If you are trying to check your own website, you might run into some issues. You need to read what the sketch says: the certificate to be included in base64 notation is the ROOT certificate authority of your website. To get to that, if you try to export the certificate from a browser in Windows10, make sure you are pointing to the correct level (the first, not other intermediates). As an example:

If you happen to select the second line (Intermediate CA), it will not work!

Once you export the certificate, make sure you select base-64:

You can save the file, open with notepad, and paste it in the sketch. You will have to add, for each line, the new line character \n and concatenate each line with the backslash. Example of what you export from Notepad:

—–BEGIN CERTIFICATE—–
MIIEwTCCA6mgAwIBAgISA0uZFchVNWh0j/Cy7O8TVATWMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD

[etc.]

In your sketch, you will add the characters in orange below:

—–BEGIN CERTIFICATE—–\n” \
MIIEwTCCA6mgAwIBAgISA0uZFchVNWh0j/Cy7O8TVATWMA0GCSqGSIb3DQEBCwUA\n” \
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD\n” \

and of course replace the backslash with a semi-colon for the last line.

It looks like root certificates have a long validity (many expire in 2038), but if yours expires earlier, consider that you will have to update the certificate in the firmware. For IoT devices that might be deployed in a roof, clearly you need to design your application considering wireless update of the firmware.

About The Author

Leave a Reply