![\"ESP32](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/ESP32-ESP8266-HTTPS-Basic-Concepts.jpg?resize=1200%2C675&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nTable of Contents<\/strong><\/p>\n\n\n\n Throughout this article, we’ll cover the following subjects:<\/p>\n\n\n\n HTTPS is the secure version of the HTTP protocol, hence the \u201cS\u201d, which stands for secure.<\/p>\n\n\n\n HTTP is a protocol to transfer data over the internet. When that data is encrypted with SSL\/TLS, it\u2019s called HTTPS.<\/p>\n\n\n To simplify, HTTPS is just the HTTP protocol but with encrypted data using SSL\/TLS.<\/p>\n\n\n\n Using HTTPS ensures the following:<\/p>\n\n\n\n SSL <\/strong>stands for S<\/strong>ecure S<\/strong>ocket L<\/strong>ayer and TLS<\/strong> stands for T<\/strong>ransport L<\/strong>ayer S<\/strong>ecurity. These are two protocols used for secured encryption. SSL is currently deprecated. TLS 1.3 is currently the most recent protocol used for secure encryption on the web.<\/p>\n\n\n\n There are two types of encryption algorithms: symmetric key algorithm<\/strong> and asymmetric key algorithm<\/strong>.<\/p>\n\n\n\n Symmetric Key Encryption<\/strong><\/p>\n\n\n\n With a symmetric-key algorithm, the same key is used to encrypt and decrypt the messages. So, both the client and server need to have the same key.<\/p>\n\n\n The disadvantage of using a symmetric key algorithm is that keys are hard to share and you need to be careful how and with who you distribute the key.<\/p>\n\n\n\n Asymmetric Key Encryption<\/strong><\/p>\n\n\n\n The SSL\/TLS encryption uses asymmetric keys.<\/p>\n\n\n How does asymmetric key encryption work? Very briefly:<\/p>\n\n\n\n In summary, here\u2019s how it works:<\/p>\n\n\n\n How the communication between the server and client works over HTTPS? The following diagram shows a high-level overview of how it works.<\/p>\n\n\n SSL certificates are issued by legitimate Certificate Authorities. One of the most known is LetsEncrypt. Certificate Authorities also confirm the identity of the certificate owner and provide proof that the certificate is valid. <\/p>\n\n\n\n When a Certificate Authority issues a certificate, it signs the certificate with its root certificate. This root certificate should be on the database of trusted certificates.<\/p>\n\n\n Your browser then checks if the certificate is valid (if it was signed with a root certificate on the database of trusted root certificates) and displays a green lock icon on the browser bar if it is.<\/p>\n\n\n\n You can self-sign your certificates. These provide the same level of encryption as one generated by an authority, and these are free. However, all browsers will check if the certificate is issued by a trusted Certificate Authority. So, you\u2019ll be warned by your browser that the site you\u2019re visiting is not safe because it doesn\u2019t trust the certificate and so, can\u2019t identify its owner.<\/p>\n\n\n The web browser will display a warning sign and the HTTPS letters in red. This means the website has a certificate, but the certificate is unverified (like self-signed certificates) or out of date. This means that the connection between you and the server is encrypted, but no one can guarantee that the domain really belongs to the company indicated on the site. <\/p>\n\n\n\n Self-signed certificates are fine to use on your DIY and IoT projects, intranets, like your local network, or inside a company\u2019s network. However, if you\u2019re creating a project for a company that will be accessed by clients outside the company network, like a public website, it\u2019s best to use a certificate from a Certificate Authority.<\/p>\n\n\n\n SSL certificates have an expiry date. So, if you\u2019re using an ESP32 to connect to a website via HTTPS, you should keep in mind that you\u2019ll need to update the code with the new website\u2019s certificate in the future.<\/p>\n\n\n\n If you\u2019re still confused about all of these new terms, we recommend taking a look at the following website that explains in a fun way how everything works: https:\/\/howhttps.works\/. <\/p>\n\n\n\n If you\u2019re familiar with HTTP requests with the ESP32 \u201cmigrating\u201d to HTTPS is very straightforward. <\/p>\n\n\n If you’re using the WiFiClient<\/span> library, you just need to make the following changes:<\/p>\n\n\n\n With this, you ensure that your communication is encrypted using TLS.<\/p>\n\n\n\n An additional security step is to check the server certificate (the certificate of the website you want to connect to). You can skip this step while testing and prototyping. The communication will be encrypted, but you won\u2019t be sure of the integrity of the server you are trying to communicate with.<\/p>\n\n\n\n You can also find examples using HTTPS with the HTTPClient<\/span> library.<\/p>\n\n\n\n If you want to start working on your HTTPS requests right away, take a look at the examples provided in the ESP32 package for the Arduino core.<\/p>\n\n\n\n At the moment, there are not many examples of building an HTTPS web server with the ESP32 using the Arduino core. Unfortunately, the AsyncWebServer<\/span> library that we use in most of our projects, doesn\u2019t fully support HTTPS at the moment.<\/p>\n\n\n\n Nevertheless, there is another library that provides easy methods to build an ESP32 HTTPS web server, including an example that generates certificates on the fly. Here\u2019s a link to the library: esp32_https_server library<\/a>.<\/p>\n\n\n\n If you\u2019re familiar with ESP-IDF, you can take a look at the documentation on the following link:<\/p>\n\n\n\n There are several examples that show how to make HTTPS requests with the ESP8266. You can check the examples available in your Arduino IDE. Make sure you have the latest version of the ESP8266 boards installed to make sure you have access to the latest version of the examples and that these will work.<\/p>\n\n\n\n To update the ESP8266 boards’ installation, you just need to go to Tools <\/strong>> Boards <\/strong>> Boards Manager<\/strong>, search for ESP8266, <\/strong>and install the latest version.<\/p>\n\n\n\n Then, you’ll have access to the examples’ latest version. You can check the following examples:<\/p>\n\n\n\n You’ll need to update the certificates and fingerprints to make the examples work. If you can’t make the examples work, don’t worry, we’ll publish some tutorials with examples and instructions soon.<\/p>\n\n\n\n The ESP8266 is not optimized for SSL cryptography, so running an HTTPS Server on the ESP8266 is very demanding. You need to set the clock frequency to 160MHz and even so, you might get unexpected resets on the board. <\/p>\n\n\n\n For an ESP8266 HTTPS web server, you can take a look at an example using the ESP8266WebServer<\/span> library on the following link:<\/p>\n\n\n\nWhat is HTTPS? <\/h2>\n\n\n\n
![\"HTTP](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/HTTP-vs-HTTPS.png?resize=750%2C500&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nWhy do you need HTTPS?<\/h3>\n\n\n\n
What is SSL\/TLS?<\/h2>\n\n\n\n
How does SSL\/TLS encryption work?<\/h2>\n\n\n\n
![\"Symmetric](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/Symmetric-key-encryption.png?resize=750%2C445&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\n![\"Asymmetric](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/Asymmetric-key-encryption.png?resize=750%2C465&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nPublic Key and Private Key<\/h3>\n\n\n\n
Communication over HTTPS<\/h2>\n\n\n\n
![\"HTTPS](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/HTTPS-Communication-SSL-certificte_f.png?resize=750%2C947&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nSSL Certificates<\/h2>\n\n\n\n
![\"SSL](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/HTTPS-browser-valid-certificate.png?resize=750%2C468&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nSelf-signed Certificates<\/strong><\/h3>\n\n\n\n
![\"Self-signed](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/browser-self-signed-certificate_HTTPS-browser-self-signedcate.png?resize=750%2C468&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nESP32: HTTPS Requests (Arduino IDE)<\/h2>\n\n\n\n
![\"ESP32](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/ESP32-HTTPS-Requests.png?resize=750%2C320&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nESP32 HTTPS Server (Arduino IDE)<\/h2>\n\n\n
![\"ESP32](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/ESP32-HTTPS-Server.png?resize=750%2C243&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nESP8266 HTTPS Requests (Arduino IDE)<\/h2>\n\n\n
![\"ESP8266](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/ESP8266-HTTPS-Requests.png?resize=750%2C320&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\nESP8266 HTTPS Server (Arduino IDE)<\/h2>\n\n\n
![\"ESP8266](\"https:\/\/i0.wp.com\/randomnerdtutorials.com\/wp-content\/uploads\/2022\/11\/ESP8266-HTTPS-Server.png?resize=750%2C243&quality=100&strip=all&ssl=1\")
<\/figure><\/div>\n\n\n