89 changes: 56 additions & 33 deletions extras/create_cert.sh
@@ -1,56 +1,79 @@
#!/bin/bash
set -e
#------------------------------------------------------------------------------
# cleanup any previously created files
set -euo pipefail
rm -f exampleca.* example.* cert.h private_key.h

#------------------------------------------------------------------------------
# create a CA called "myca"
# ------------------------------
# Create a real CA (with CA:TRUE) using 4096-bit key
openssl genrsa -out exampleca.key 4096

# create a private key
openssl genrsa -out exampleca.key 1024

# create certificate
cat > exampleca.conf << EOF
cat > exampleca.conf << 'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = DE
distinguished_name = dn
x509_extensions = v3_ca

[ dn ]
C = DE
ST = BE
L = Berlin
O = MyCompany
L = Berlin
O = MyCompany
CN = myca.local

[ v3_ca ]
basicConstraints = critical, CA:true, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer
EOF
openssl req -new -x509 -days 3650 -key exampleca.key -out exampleca.crt -config exampleca.conf
# create serial number file
echo "01" > exampleca.srl

#------------------------------------------------------------------------------
# create a certificate for the ESP (hostname: "myesp")
openssl req -new -x509 -days 3650 -sha256 \
-key exampleca.key -out exampleca.crt -config exampleca.conf

# create a private key
# Create serial file automatically (or let -CAcreateserial do it)
echo "01" > exampleca.srl

# ------------------------------
# Create server key + CSR with proper extensions + SAN
openssl genrsa -out example.key 1024
# create certificate signing request
cat > example.conf << EOF

cat > example.conf << 'EOF'
[ req ]
distinguished_name = req_distinguished_name
prompt = no
[ req_distinguished_name ]
C = DE
prompt = no
distinguished_name = dn
req_extensions = v3_req

[ dn ]
C = DE
ST = BE
L = Berlin
O = MyCompany
L = Berlin
O = MyCompany
CN = esp32.local

[ v3_req ]
basicConstraints = CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = esp32.local
DNS.2 = myesp
EOF
openssl req -new -key example.key -out example.csr -config example.conf

# have myca sign the certificate
openssl x509 -days 3650 -CA exampleca.crt -CAkey exampleca.key -in example.csr -req -out example.crt
openssl req -new -sha256 -key example.key -out example.csr -config example.conf

# Sign leaf cert with the CA, carrying over the server extensions
openssl x509 -req -days 3650 -sha256 \
-in example.csr -CA exampleca.crt -CAkey exampleca.key \
-CAserial exampleca.srl \
-extfile example.conf -extensions v3_req \
-out example.crt

# verify
echo "-- verifying openssl certificate now ---"
openssl verify -CAfile exampleca.crt example.crt

echo "--- verifying openssl certificate finished ---"

# convert private key and certificate into DER format
openssl rsa -in example.key -outform DER -out example.key.DER
openssl x509 -in example.crt -outform DER -out example.crt.DER
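Review bot: The server key is still generated as 1024-bit RSA: `openssl genrsa -out example.key 1024` appears to be carried over unchanged, while this change raises only the CA key to 4096 bits. That leaves the leaf certificate the ESP32 actually presents as the weak link, since 1024-bit RSA is below what current TLS clients and OpenSSL's stricter security levels accept. I would change the line to `openssl genrsa -out example.key 2048`, which is also a more practical size than 4096 for handshakes on the device. The rendered page has lost its +/- markers, so the side of that line is inferred from the hunk counts, and the script continues past the visible hunk.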
6 changes: 3 additions & 3 deletions library.json
@@ -1,14 +1,14 @@
{
"name": "esp32_https_server",
"name": "esp32_brave_https_server",
"keywords": "communication, esp32, http, https, server, ssl, tls, webserver, websockets",
"description": "Alternative ESP32 Webserver implementation for the ESP32, supporting HTTPS and HTTP. The library provides TLS support and simultaneous connections. It can be used to run an HTTP or HTTPS server, or both in parallel. The server's resources are defined through handler and middleware functions, giving an easy start to everyone who has worked with frameworks like Express or Servlets before.",
"repository":
{
"type": "git",
"url": "https://github.com/fhessel/esp32_https_server.git"
"url": "https://github.com/LeBraveLittleToaster/esp32_brave_https_server"
},
"license": "MIT",
"version": "1.0.0",
"version": "0.0.1",
"frameworks": "arduino",
"platforms": ["espressif32"]
}
4 changes: 2 additions & 2 deletions library.properties
@@ -1,10 +1,10 @@
name=ESP32_HTTPS_Server
version=1.0.0
author=Frank Hessel <[email protected]>
maintainer=Frank Hessel <frank@fhessel.de>
maintainer=Pascal Schiessle <pascal.schiessle@web.de>
sentence=Alternative ESP32 Webserver implementation for the ESP32, supporting HTTPS and HTTP.
paragraph=The library provides TLS support and simultaneous connections. It can be used to run an HTTP or HTTPS server, or both in parallel. The server's resources are defined through handler and middleware functions, giving an easy start to everyone who has worked with frameworks like Express or Servlets before.
category=Communication
url=https://github.com/fhessel/esp32_https_server
url=https://github.com/LeBraveLittleToaster/esp32_brave_https_server
architectures=esp32
includes=HTTPSServer.hpp,HTTPRequest.hpp,HTTPResponse.hpp
2 changes: 1 addition & 1 deletion src/HTTPConnection.hpp
@@ -6,7 +6,7 @@

#include <string>
#include <mbedtls/base64.h>
#include <hwcrypto/sha.h>
#include <esp32/sha.h>
#include <functional>

// Required for sockets