Closed
Description
https://github.com/fhessel/esp32_https_server/blob/de1876cf6fe717cf236ad6603a97e88f22e38d62/examples/REST-API/REST-API.ino#L219 is exactly what we need
That does not seem sufficient. The generated cert must also adhere to some Apple rules:
- https://support.apple.com/de-de/HT210176
- Max validity 2 years
- hostname (& IP?) in Subject Alternative Name
- 2048 bit key length
- ExtendedKeyUsage (EKU): "id-kp-serverAuth OID"
So we need:
- Extend the cert creation method to add the extension attributes (they seem to be well supported by mbedtls but not directly by the https server utility method). Supported via "self-signed certificates: Add CN as subjectAltName" (fhessel/esp32_https_server#113)
- A way to trigger generation of a new cert (cannot create cert for 10 years)
- Way to download the cert for local install (application/octet-stream (?) obs.cer, base64), also via http access.
- Increase length to 2048, which will increase key creation time; we need a progress bar or similar
- Put some documentation on the http welcome page (specific for Mac? / Android? / Linux / iOS / Win)?
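
A host-side check of the rules listed above, as an added example that is not part of the original issue or of the esp32_https_server project. It assumes the `openssl` CLI (1.1.1 or newer) and a PEM copy of the certificate; the helper names and the host `obs.local` are constructed, and the validity check measures remaining lifetime from now, which equals the validity period only for a freshly generated cert.

```shell
#!/bin/sh
# Added example: check a PEM certificate against the rules listed in this issue.
# Function names, file names and the host are constructed for illustration.

# make_cert OUT_PEM DAYS HOST [ext]
# Self-signed RSA-2048 sample cert; "ext" adds the SAN and the serverAuth EKU.
make_cert() (
  out=$1 days=$2 host=$3
  if [ "${4:-}" = ext ]; then
    set -- -addext "subjectAltName=DNS:$host" -addext "extendedKeyUsage=serverAuth"
  else
    set --
  fi
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
    -subj "/CN=$host" -keyout "$out.key" -out "$out" "$@" 2>/dev/null
)

# check_cert PEM HOST
# Prints one "FAIL: ..." line per violated rule; exit status 0 only if none.
check_cert() (
  pem=$1 host=$2 rc=0
  fail() { echo "FAIL: $1"; rc=1; }
  text=$(openssl x509 -in "$pem" -noout -text) || { echo "FAIL: unreadable"; exit 1; }

  # Max validity 2 years: -checkend exits 0 if the cert is still valid N seconds from now.
  if openssl x509 -in "$pem" -noout -checkend $((730 * 86400)) >/dev/null; then
    fail "still valid more than 2 years from now"
  fi

  # Key length: both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)" occur in the wild.
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
  [ "${bits:-0}" -ge 2048 ] || fail "key length ${bits:-unknown} < 2048"

  # Hostname must appear as an exact DNS entry in the Subject Alternative Name.
  printf '%s\n' "$text" | tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$host" \
    || fail "hostname $host not in Subject Alternative Name"

  # id-kp-serverAuth is printed by openssl as "TLS Web Server Authentication".
  printf '%s\n' "$text" | grep -q "TLS Web Server Authentication" \
    || fail "ExtendedKeyUsage lacks id-kp-serverAuth"
  exit "$rc"
)
```

Typical use on the downloaded file: `check_cert obs.pem obs.local` (convert first if the device serves DER).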