Reputation: 165
I'm using an ESP8266 to communicate securely with a web server via WiFiClientSecure, which enables TLS encryption. However, I have a concern regarding the initial request for the server certificate.
To ensure the authenticity of the web server and prevent potential Man-in-the-Middle (MITM) attacks, I understand that it's crucial to verify the server certificate. However, due to my specific circumstances, I am unable to use the usual and customary process for validating the chain of trust and the identity of the server, and hard coding the certificate directly into the ESP8266 is not feasible.
My plan is to make an initial request to the web server to obtain and accept the supplied certificate, after which I can establish secure, authenticated communications. However, I'm worried that this first communication, where I request the certificate, may be insecure and leave the system vulnerable to an attacker intercepting that initial request.
How significant is this vulnerability?
What best practices can I follow to secure this initial certificate request, or enhance the overall security of the communication process?
Thank you for your insights!
Upvotes: 0
Views: 50
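
The plan described in the question is trust-on-first-use pinning. The following is an added example, not part of the original post, that models only the pin decision in plain C++. `PinStore`, `Verdict`, `second_contact` and the sample fingerprints are hypothetical, and reading the fingerprint from the TLS session and persisting it on the ESP8266 are assumed to happen elsewhere.

```cpp
// Added example: models the trust-on-first-use (TOFU) decision only.
// All names and fingerprint values here are hypothetical/constructed.
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>

using Fingerprint = std::array<uint8_t, 32>;  // e.g. SHA-256 of the server certificate

enum class Verdict { PinnedOnFirstUse, Match, Mismatch };

// Constant-time comparison so the check does not leak how many bytes matched.
static bool equal_ct(const Fingerprint& a, const Fingerprint& b) {
    uint8_t diff = 0;
    for (size_t i = 0; i < a.size(); ++i) diff |= static_cast<uint8_t>(a[i] ^ b[i]);
    return diff == 0;
}

struct PinStore {
    bool has_pin = false;  // on a device this state would live in flash
    Fingerprint pin{};

    // Called once per connection with the fingerprint the peer presented.
    Verdict check(const Fingerprint& presented) {
        if (!has_pin) {
            // First contact: nothing to compare against, so whatever is
            // presented becomes the pin. This is the unauthenticated step.
            pin = presented;
            has_pin = true;
            return Verdict::PinnedOnFirstUse;
        }
        return equal_ct(pin, presented) ? Verdict::Match : Verdict::Mismatch;
    }
};

// Constructed sample fingerprint (not a real certificate hash).
static Fingerprint sample(uint8_t fill) { Fingerprint f; f.fill(fill); return f; }

// Pins `first` on a fresh store, then returns the verdict for `second`.
Verdict second_contact(uint8_t first, uint8_t second) {
    PinStore store;
    store.check(sample(first));
    return store.check(sample(second));
}

int main() {
    std::printf("same certificate later:      %d\n", static_cast<int>(second_contact(0xAA, 0xAA)));
    std::printf("different certificate later: %d\n", static_cast<int>(second_contact(0xAA, 0xBB)));
}
```

The store can only report that a later certificate differs from the first one seen; it has no way to tell whether the first one came from the intended server.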