
I want to create an SSL connection with my site to send data and every time I connect it fails!

I am using the WiFiClientSecure.h library, but I don't know where the problem is: is it in my code, in the library, or on my site?

here is my code:

 #include <ArduinoJson.h>
 #include <ESP8266WiFi.h>
 #include <DHT.h>
 #include <WiFiClientSecure.h>


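  // Data pin and sensor model handed to the DHT driver object below.
 #define DHTPIN D6
 #define DHTTYPE DHT11


 // Placeholder Wi-Fi credentials. Keep real values out of any sketch that is
 // shared or published, since they are stored in the source as plain text.
 const char* ssid     = "SSID";
 // Fix: the opening quote was missing, which left the literal unterminated.
 const char* password = "pass";


 // Host name used both for the TLS connection and for the HTTP Host header.
 char host[] = "mysite.com";
 DHT dht(DHTPIN, DHTTYPE);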

 // One-time initialisation: opens the serial console at 115200 baud, starts
 // the DHT sensor, joins the Wi-Fi network and prints the address, netmask
 // and gateway the station received.
 void setup() {
   Serial.begin(115200);
   delay(100);
   dht.begin();

   // Two empty lines, then the name of the network being joined.
   Serial.println();
   Serial.println();
   Serial.print("Connecting to ");
   Serial.println(ssid);

   WiFi.begin(ssid, password);

   // Poll every 500 ms, printing one dot per attempt, until WiFi.status()
   // reports WL_CONNECTED. There is no timeout, so this blocks for as long
   // as the network cannot be joined.
   for (;;) {
     if (WiFi.status() == WL_CONNECTED) {
       break;
     }
     delay(500);
     Serial.print(".");
   }

   Serial.println("");
   Serial.println("WiFi connected");

   // Report the network settings now in use.
   Serial.println("IP address: ");
   Serial.println(WiFi.localIP());

   Serial.print("Netmask: ");
   Serial.println(WiFi.subnetMask());

   Serial.print("Gateway: ");
   Serial.println(WiFi.gatewayIP());
 }

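 // Reads humidity and temperature from the DHT sensor, then sends the
 // temperature to the server in an HTTPS GET request and echoes whatever part
 // of the response has arrived to the serial console.
 //
 // Returns early (and is called again by the Arduino core) when the sensor
 // read fails or the TLS connection cannot be established.
 void loop (){
   float h = dht.readHumidity();
   // Read temperature as Celsius (the default)
   float t = dht.readTemperature();
   if (isnan(h) || isnan(t)) {
     Serial.println("Failed to read from DHT sensor!");
     return;
   }

   Serial.print("connecting to ");
   Serial.println(host);

   const int httpPort = 443;

   // Placeholder: replace with the SHA-1 fingerprint of the certificate your
   // server presents. A fingerprint pins one specific certificate, so it has
   // to be updated every time the server certificate is renewed; pinning the
   // issuing CA certificate instead avoids that maintenance.
   static const char serverFingerprint[] = "<SHA1_FINGERPRINT_OF_SERVER_CERT>";

   // Add a SSL client
   WiFiClientSecure client;

   // The client stores no CA certificates of its own, so it has to be told
   // what to trust before connect(); the original sketch configured nothing
   // here. Do not reach for setInsecure() as a workaround: it skips
   // certificate verification, so the device would accept any server.
   // NOTE(review): with the placeholder left in, no valid fingerprint is set
   // and connect() is expected to keep failing - confirm on your core version.
   client.setFingerprint(serverFingerprint);

   if (!client.connect(host, httpPort)) {
     Serial.println("connection failed");
     return;
   }

   // Fix: the original line ended in an unterminated string literal.
   // Humidity is read above but not sent, because the query parameter the
   // server expects for it is not shown.
   String url = "/insert.php?temp=" + String(t);
   Serial.print("Requesting URL: ");
   Serial.println(url);

   client.print(String("GET ") + url + " HTTP/1.1\r\n" +
           "Host: " + host + "\r\n" +
           "Connection: close\r\n\r\n");

   // Fixed pause before reading; only the bytes that have arrived by the
   // time the loop below runs are printed.
   delay(500);

   while (client.available()) {
     String line = client.readStringUntil('\r');
     Serial.print(line);
   }

   Serial.println();
   Serial.println("closing connection");

 }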

Is the issue in the code or from my site?

  • Mmm so I have to add my root_ca ? Commented May 18, 2019 at 10:59
  • Yes thank you very much...mean while I will try from my side...but I discovered that my site SSL uses TLS v1.3! will this change in the code ? Commented May 18, 2019 at 11:05
  • Thanks Terry, so I am going to follow what is in your link attached in the first comment! and get back with the result :) Commented May 18, 2019 at 11:12
  • Thanks I solved it with fingerprint and works fine Commented May 18, 2019 at 13:38

1 Answer 1


The ESP8266 is an embedded processor. It has many limitations. One of them is that it doesn't store certificates for any CAs.

As the documentation for the esp32 says, "There are three ways to establish a secure connection using the WiFiClientSecure class: using a root certificate authority (CA) cert, using a root CA cert plus a client cert and key, and using a pre-shared key (PSK)."

If your server's certificate is signed by a well-known CA, then you can use the CA method. You call the setCACert function with the certificate, which you can obtain using openssl. You need to save this certificate as an array. It should look something like this (DER) format.

 // CA certificate to hand to setCACert(), stored as a single C string literal.
 // The BEGIN/END CERTIFICATE lines and the base64 body are the PEM text
 // encoding (DER is the raw binary form of the same data).
 // The row of dots marks lines elided from this listing; the complete
 // certificate text is needed for it to be usable.
 // NOTE(review): the visible base64 decodes to issuer "DST Root CA X3",
 // subject organisation "Let's Encrypt", validity 2016-03-17 to 2021-03-17.
 // Treat it as a format sample only and substitute the current CA
 // certificate from your own server's chain.
 const char* test_root_ca= \
 "-----BEGIN CERTIFICATE-----\n" \
 "MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/\n" \
 "MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\n" \
 "DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow\n" \
 "SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT\n" \
      ............
 "KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==\n" \
 "-----END CERTIFICATE-----\n";

Then in your code you should place a

// Call this before client.connect() so the certificate is set when the
// connection is attempted.
// NOTE(review): setCACert is cited here from the ESP32 documentation, while the
// question's sketch includes ESP8266WiFi.h - confirm which certificate-setting
// method the WiFiClientSecure class in your core provides.
client.setCACert(test_root_ca); 

before you call the client.connect.
