SSL Root Certificate Questions
JEG8 opened this issue · 1 comments
Hi Mobizt,
This is more of a question rather than an issue.
My code was running great for about 7 days, when the Arduino IOT 33 stopped functioning, and generated an "error, connection refused" error code. I had not updated the SSL certificates on the WIFI NINA hardware for my Firebase database. I have since added this, and am hoping it will resolve the issue.
Ultimately, I plan on using this same design in a product, which could be distributed to people. I have concerns that the SSL certificates will expire in 1 year, and I will not be able to update them without physically plugging into the hardware and pushing new ones.
So I have a few questions for you.
-
Why are the SSL root certificates required for use with Firebase and this library? Is there any way to run your library without SSL root certificates?
-
Do you know if there is a sketch or other method that can be used to remotely push SSL certificates to the NINA hardware?
Thanks again
The SSL certificate verification was done by WiFiNINA library that works with the u-blox NINA-W102 firmware.
The NINA firmware and WiFiNINA library don't provide any option to skip SSL verification.
The SSL certificate added using Arduino Firmware Update tool may be the root certificate which have more expiry period e.g. 5 - 20 years instead of server SSL certificate which will be year or two years expired.
The only way to skip SSL certificate verification is to modify the NINA firmware.
Clone or fork the NINA firmware and delete these lines of code.
And replace this with the code that deleted above.
mbedtls_ssl_conf_authmode(&_sslConfig, MBEDTLS_SSL_VERIFY_NONE);
Follow this instructions to build and flash it to your device.
Now you can use your device with WiFiNiNA library to securely connect to any server or using Firebase library without SSL cert verification needed.