esp32_https_server

Use .crt and .key files directly from the filesystem ( LITTLEFS ) for SSL?

Open zekageri opened this issue 3 years ago • 5 comments

Describe Your Goal: I want to use my key-pair certificates directly from the filesystem.

What Does Your Project Look Like: I'm using the LITTLEFS library along with esp32_https_server. I want to serve pages and other files from LITTLEFS too. The certificate comes from ZEROSSL (the only CA I can use).

It is possible in the following formats:

Default is .key and .crt

  • Apache
  • AWS
  • BigCommerce
  • cPanel
  • Google App Engine
  • Heroku
  • NGINX
  • Plesk
  • Tomcat
  • Ubuntu
  • WHM

zekageri avatar Jun 09 '21 09:06 zekageri

If I understand you correctly, you want to load your certs from the file system and have the HTTP server use them on the ESP32?

olegsavelos avatar Jul 12 '21 13:07 olegsavelos

Yes. This is correct. I am already using a file system with the ASYNC webserver from Me_no_dev, but I just wondered if I could use an FS with this library. Thank you.

zekageri avatar Jul 12 '21 17:07 zekageri

OK, then it should be possible. First of all, you need to have your certificate and private key in PEM format; here is an example of how to convert them with openssl: https://wiki.segger.com/HOWTO_convert_PEM_certificates_and_keys_to_DER_format_for_emSSL After that you should be able to load them from the file system and use them in the SSLCert constructor. Notice the SSLCert constructor here: [image]

olegsavelos avatar Jul 12 '21 19:07 olegsavelos

The doc for this is less than handy :-)

You basically need to put the DER (not PEM) format certificates in binary format into a pair of char * variables. e.g. to hard-code them, it would look like this:-

unsigned char certData[] = { 0x30, 0x82, 0x05, 0x2f, 0x30, 0x82, 0x04, 0x17, 0xa0, 0x03, 0x02, 0x01,
  0x02, ... etc ... , 0x4b };
uint16_t certLength = 1331;
unsigned char pkData[] = { 0x30, 0x82, 0x04, 0xa2, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  0xb6, 0x81, ... etc ..., 0xfa };
uint16_t pkLength = 1190;

To get the data for the above, you do something like this:-

  openssl x509 -in cert.pem -out cert.der -outform DER 
  openssl rsa -inform pem -in privkey1.pem -outform der -out privkey1.der
  xxd -i privkey1.der
  xxd -i cert.der

Then you create the "cert" pointer you need for later calls like this:-

SSLCert certd = SSLCert(
  (unsigned char *)&certData,
  certLength,
  (unsigned char *)&pkData,
  pkLength
);

SSLCert *cert = &certd;

gitcnd avatar Apr 10 '22 12:04 gitcnd
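An added example, not code from this thread or from the esp32_https_server project: a check to run on each buffer read from the filesystem before it is passed to SSLCert, rejecting PEM text, truncated files and anything longer than the uint16_t lengths used above. The function names and the zero-padded sample buffer are assumptions made for this example; it inspects only the outer DER header, not the certificate contents.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

enum class DerCheck { Ok, Empty, LooksLikePem, NotSequence, BadLength, TooLarge };

// Total size (header + body) declared by the outer DER TLV, or 0 if the
// length field is malformed. Reads at most `avail` bytes of `buf`.
size_t derDeclaredSize(const unsigned char *buf, size_t avail) {
    if (avail < 2) return 0;
    if ((buf[1] & 0x80) == 0) return 2 + (size_t)buf[1];  // short form
    size_t n = buf[1] & 0x7F;            // long form: n length bytes follow
    // 0x80 (indefinite length) is not DER; more than 3 length bytes could
    // never fit the uint16_t length parameters anyway.
    if (n == 0 || n > 3 || avail < 2 + n) return 0;
    size_t body = 0;
    for (size_t i = 0; i < n; ++i) body = (body << 8) | buf[2 + i];
    return 2 + n + body;
}

// Checks that buf[0..len) is exactly one DER SEQUENCE (the outer wrapper of
// both an X.509 certificate and an RSA private key) and fits in uint16_t.
DerCheck checkDerBlob(const unsigned char *buf, size_t len) {
    if (buf == nullptr || len == 0) return DerCheck::Empty;
    // PEM is ASCII armor starting with "-----BEGIN", not binary DER.
    if (len >= 10 && std::memcmp(buf, "-----BEGIN", 10) == 0) return DerCheck::LooksLikePem;
    if (buf[0] != 0x30) return DerCheck::NotSequence;     // 0x30 = SEQUENCE tag
    if (len > UINT16_MAX) return DerCheck::TooLarge;
    // A truncated upload or trailing bytes make declared and real size differ.
    if (derDeclaredSize(buf, len) != len) return DerCheck::BadLength;
    return DerCheck::Ok;
}

// Constructed sample: the first 4 bytes of certData from the thread, then
// zero padding up to the thread's certLength (1331). Not a real certificate.
std::vector<unsigned char> sampleCert() {
    std::vector<unsigned char> v(1331, 0x00);
    const unsigned char hdr[] = {0x30, 0x82, 0x05, 0x2f};
    std::memcpy(v.data(), hdr, sizeof hdr);
    return v;
}

int main() {
    std::vector<unsigned char> cert = sampleCert();
    return checkDerBlob(cert.data(), cert.size()) == DerCheck::Ok ? 0 : 1;
}
```

The header bytes quoted in the thread decode to the same sizes as the hard-coded lengths: 0x052f + 4 = 1331 for the certificate and 0x04a2 + 4 = 1190 for the key.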

Here is a part of the code that I'm using, if it helps you somehow. I'm using the FAT file system though.

I'm also using an FTP server for uploading files: https://github.com/BojanJurca/Esp32_web_ftp_telnet_server_template/blob/master/moreExamples/A%20minimal%20FTP%20server.ino

code.zip

BojanJurca avatar May 07 '22 13:05 BojanJurca