3

I'm reading very different things about certificates in IoT. I'm struggling to make a choice on how to manage this.

Here's the situation:

  • I'm using ESP32
  • I don't have much storage available
  • I need to send data to a server through HTTPS
  • I need to receive data from this same server
  • I'm using Let's Encrypt on the server side
  • I can do OTA updates, but I'd like to avoid them as much as possible

Edit:

  • I need server authentication
  • I don't need client authentication

Which certificate do I have to embed into ESP32?

Aliz

1 Answer

2

You've not said if you want to do client authentication via certificate as well as the usual server validation.

Assuming just server validation, you need to include the Certificate Authority chain to be able to validate the certificate presented by the HTTP server. In this case it would be the Let's Encrypt chain, which is available from here: https://letsencrypt.org/certificates/

You will need either the ISRG Root cert and the matching signed intermediate certificate or the IdenTrust Root CA cert and the matching intermediate. Personally I would pick the first option.

If you want to do client authentication as well then you will need to generate certificates and private keys for each device and include these as well.

hardillb
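
One way to embed the ISRG root on the device for server-only authentication, as an added example that is not part of the question or the answer above. It assumes the Arduino-ESP32 core and its WiFiClientSecure class; the Wi-Fi credentials, host name, path and JSON body are placeholders, and the PEM body has to be pasted from https://letsencrypt.org/certificates/.

```arduino
// Added example (not from the original posts). Assumes the Arduino-ESP32 core.
#include <WiFi.h>
#include <WiFiClientSecure.h>

// Placeholders (assumptions): replace with your own values.
const char* WIFI_SSID = "your-ssid";
const char* WIFI_PASS = "your-password";
const char* HOST      = "api.example.com";  // hypothetical server name
const char* PATH      = "/data";            // hypothetical endpoint

// Trust anchor: the ISRG Root certificate in PEM form. The body below is a
// placeholder; paste the real one from https://letsencrypt.org/certificates/
const char ROOT_CA_PEM[] = R"PEM(
-----BEGIN CERTIFICATE-----
<PASTE THE ISRG ROOT PEM BODY HERE>
-----END CERTIFICATE-----
)PEM";

WiFiClientSecure client;

// Sends one JSON document over HTTPS; returns true on a 2xx response.
bool postReading(const String& json) {
  client.setCACert(ROOT_CA_PEM);        // server authentication only: no client cert or key
  if (!client.connect(HOST, 443)) {     // fails when the chain does not lead to ROOT_CA_PEM
    char err[128];
    client.lastError(err, sizeof(err)); // textual reason reported by the TLS stack
    Serial.printf("TLS connect failed: %s\n", err);
    return false;
  }
  client.printf("POST %s HTTP/1.1\r\nHost: %s\r\n"
                "Content-Type: application/json\r\n"
                "Content-Length: %u\r\nConnection: close\r\n\r\n",
                PATH, HOST, (unsigned)json.length());
  client.print(json);
  String status = client.readStringUntil('\n');  // status line of the response
  client.stop();
  return status.startsWith("HTTP/1.1 2");
}

void setup() {
  Serial.begin(115200);
  WiFi.begin(WIFI_SSID, WIFI_PASS);
  while (WiFi.status() != WL_CONNECTED) delay(250);
  Serial.println(postReading("{\"temp\":21.5}") ? "sent" : "failed");  // constructed sample payload
}

void loop() {}
```

Calling `setInsecure()` instead of `setCACert()` would make the connection succeed without any certificate, but it disables the server authentication the question asks for.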