Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use per sensor self signed certificate for https server #238

Closed
3 of 5 tasks
amandel opened this issue Apr 17, 2021 · 0 comments · Fixed by #248
Closed
3 of 5 tasks

Use per sensor self signed certificate for https server #238

amandel opened this issue Apr 17, 2021 · 0 comments · Fixed by #248
Assignees
@amandel
Labels
security webserver
Milestone
1000 OBS

Comments

@amandel
Copy link
Member

amandel commented Apr 17, 2021
edited
Loading

https://github.com/fhessel/esp32_https_server/blob/de1876cf6fe717cf236ad6603a97e88f22e38d62/examples/REST-API/REST-API.ino#L219 is exactly what we need

That seems not sufficient. The generated cert must adhere to some Apple rules also:

So we need:

  • Extend the cert creation method to add the extension attributes (seem to be well supported by mbedtls but not directly by the https server utility method). Supported via: self-signed certificates: Add CN as subjectAltName fhessel/esp32_https_server#113
  • A way to trigger generation of new cert (can not create cert for 10 years)
  • Way to download the cert for local install (application/octet-stream (?) obs.cer, base64), also via http access.
  • Increase length to 2048 which will increase key creation time, we need a progress bar or similar
  • Put some documentation on the http welcome page (specific for Mac? / Android? / Linux / iOS / Win)?
@amandel amandel added this to the 1000 OBS milestone Apr 19, 2021
@amandel amandel self-assigned this May 13, 2021
@amandel amandel linked a pull request May 13, 2021 that will close this issue
Use per device self signed cert #238 #248
Merged
amandel added a commit that referenced this issue May 30, 2021
@amandel
Use per device self signed cert #238 (#248) and others
0c11f88 
* Use per device self signed cert, closes #238
* Deletion of single tracks through the web interface, closes #163
* put firmware.bin on top level directory for better archive handling
* extend details listed on the about page (WiFi & HTTP details)
* Minor text cleanup, new 404 page.
* add possibility to set pin used for HTTP, documented pin configuration
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amandel amandel

Labels
security webserver
Projects
None yet
Milestone
1000 OBS
Development

Successfully merging a pull request may close this issue.

Use per device self signed cert #238 openbikesensor/OpenBikeSensorFirmware
1 participant
@amandel