William Lucid asked 4 years ago
Video : #232 How to secure our devices using SSL (ESP8266, ESP32, Tutorial) by Andreas Spiess; was inspiration for my attempt at using IFTTT service Maker channel, webHooks to send Android SMS triggered by ESP8266.
Project compiles with no error. Does not connect to host; with the message “Unable to connect TCP socket.” Checked Norton firewall, port 443 is open in NF. Using “Open Port Tool” to check if port is actually open; port shows closed. Totally confused since web browser handles HTTPS requests okay. I can trigger the webHook event from the webHooks documentation web page. Xfinity is my ISP; “XFi” portal shows port 443 is correctly forwarded.
Exporting certicate/s is new to me. Do you have anything on using HTTPS and Root Certificate/s?
Best Regards,
William
William Lucid answered 4 years ago
Believe port 443 is closed until certificate is validated. This appears to be the case when using ESP32, “WiFiClientSecure.ino” example sketch; port opened allowing connection to server in the example sketch. “Open Port Tool” web tool showed Port 443 was still closed; prior to running “WiFiClientSecure.ino sketch. Then after running sketch; Port 443 OPT showed closed again…
Project uses IFTT, Maker channel with webhooks to send a SMS text; alerting that the sump pit water level is critcally high.
“https://maker.ifttt.com/trigger/HIGHWATER/with/key/mykey,” “mykey” is my private key; this is the URL that triggers the SMS cellphone text.
If I export certificate for this URL it is valid only for one month; need a valid certificate for a longer time period, perhaps a year.
William
Rui Santos Staff answered 4 years ago
Hello William, unfortunately that’s the problem with certificates… They will expire and you’ll have to update the ESP code with the new issued certificate. (that’s why I haven’t posted a tutorial on that subject, because I don’t think it will be a good option for a long term application).
My question is: do you really need HTTPS for that application? Encrypting your request is only useful, if you are afraid that someone can access your network (where your ESP is connected to) and potentially sniff all your requests. If your ESP is on a “safe” network, you can pretty much make HTTP requests to other services.
NOTE: the ESP32 has the WifiClientSecure library. So, if your ESP32 is the client, there’s no need for a certificate. A certificate is used to be sure that the client is connected to the right server. The certificate is recommended but not needed for the https connection itself.
You could use this next sketch to make HTTPS POST requests to IFTTT with your ESP32 (without certificate):
For the ESP8266, you’ll need to use at least a fingerprint:
I hope that helps!
Rui
William Lucid answered 4 years ago
Thank you Rui, that information from your answer will be of use. I was able to find a longer lasting certificate (good until Sept 2037!.) I created a short video of the process I used in exporting the certificate. Sorry I did not narrate the video…
Retrieve and export Certificate for HTTPS
Reference: https://www.youtube.com/watch?v=Wm1xKj4bKsY
#232 How to secure our devices using SSL (ESP8266, ESP32, Tutorial)
Andreas Spiess There is a link below Mr. Spiess’s video for github; for ESP32.ESP8266 sketches and python modules to convert certificate format.
Thank you Rui.
William
Rui Santos Staff answered 4 years ago
Thank you so much for sharing! That’s a great solution, we’ll definitely try to create a guide on HTTPS in a near future.
Regards,
Rui Santos
Rui Santos Staff answered 4 years ago
Thank you William for sharing this resource and I’m glad you found this great solution. I’ll definitely work on a future project using this concept.
Regards,
Rui
William Lucid answered 4 years ago
Rui Santos Staff answered 4 years ago
Thanks for sharing that document! It’s going to be very helpful 🙂