Using the Computado Rita as an ESP32 development environment
Goal
To have the IoT device GET and POST a URL to an HTTPS web server over WiFi.
To do:
Create a PKI certificate authority and server certificate
Create a WiFi Access Point (AP) (Hotspot)
Install and configure nginx web server and time server
Install esp-idf, an ESP32 development system
Clone the IoT code repository
Setup ESP32 to connect to WiFi
Setup ESP32 to connect to https server
Equipment
Computado Rita as server; 4 GB or 8 GB RAM
Seeed Xiao ESP32C3 (for other ESP32 devices, just change the configuration)
USB-A to USB-C cable
Setup Access Point (hotspot)
Create the hotspot using NetworkManager
$ sudo nmtui
Force NetworkManager to use WPA2 by editing
/etc/NetworkManager/system-connections/connection 1.nmconnection
In the [wifi-security] section, set the WPA2 protocol: proto=rsn
Install nginx web server, time server and other debug tools
$ sudo apt install nginx nginx-extras rsyslog git ntp ntpdate ntpsec wireshark
Create PKI root certificate and server certificate
Create the directory /etc/nginx/crypto and, inside it:
Create a self-signed root certificate and unencrypted key.
$ openssl req -x509 -sha256 -days 1825 -noenc -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt
Create a Certificate Signing Request (CSR) for the host domain
$ openssl req -newkey rsa:2048 -noenc -keyout domain.key -out domain.csr
Sign the CSR with the root CA
$ openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr -out domain.crt -days 365 -CAcreateserial
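Before pointing nginx at these files, it is worth confirming that domain.crt chains to rootCA.crt, that domain.key is its private key, and that the certificate names the host the ESP32 will request. The script below is an added example, not part of the original page or the IoTCRHTTPS repository; the host name rita.example and the function names are assumptions, and the demo regenerates a throwaway PKI with -subj so it runs unattended.

```shell
#!/bin/sh
# Added example (not from the original page). HOST is a constructed name;
# replace it with the host name the ESP32 uses in its https:// URL.
HOST=rita.example

# make_test_pki DIR HOST: the page's three openssl steps, made
# non-interactive with -subj. -nodes is the older spelling of -noenc and
# is used here so the script also runs on OpenSSL 1.1.1.
make_test_pki() {
    (
        cd "$1" || exit 1
        openssl req -x509 -sha256 -days 1825 -nodes -newkey rsa:2048 \
            -subj "/CN=Example Root CA" -keyout rootCA.key -out rootCA.crt &&
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
            -keyout domain.key -out domain.csr &&
        openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -in domain.csr \
            -out domain.crt -days 365 -CAcreateserial
    ) >/dev/null 2>&1
}

# check_server_cert DIR HOST: returns 0 only if all three checks pass.
check_server_cert() {
    crt=$1/domain.crt key=$1/domain.key ca=$1/rootCA.crt
    # 1. domain.crt must chain to the root the client is told to trust.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: domain.crt is not signed by rootCA.crt"; return 1; }
    # 2. domain.key must be the private key for domain.crt, otherwise
    #    nginx refuses to start.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: domain.key does not match domain.crt"; return 1; }
    # 3. The certificate must name the host the client connects to.
    openssl x509 -in "$crt" -noout -checkhost "$2" | grep -q "does match" ||
        { echo "FAIL: certificate does not cover host $2"; return 1; }
    echo "OK: chain, key and host name verified for $2"
}

# Demo in a throwaway directory; on the server run
#   check_server_cert /etc/nginx/crypto <your host name>
demo_dir=$(mktemp -d)
make_test_pki "$demo_dir" "$HOST" && check_server_cert "$demo_dir" "$HOST"
rm -rf "$demo_dir"
```

The signing command above does not add a subjectAltName, so the host name check relies on the Common Name entered when creating the CSR.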
Setup SSL on nginx
In /etc/nginx/sites-enabled/default, uncomment the “listen 443” lines and change snakeoil.conf to ssl.conf
Create the file /etc/nginx/snippets/ssl.conf with
ssl_certificate /etc/nginx/crypto/domain.crt;
ssl_certificate_key /etc/nginx/crypto/domain.key;
Restart nginx
Add an echo location in /etc/nginx/sites-enabled/default for the POST request
location /echo {
    # echo_* directives come from the echo module in nginx-extras
    echo_read_request_body;
    echo_request_body;
    default_type application/json;
    chunked_transfer_encoding off;
}
Restart nginx
Install esp-idf
Clone IoTCRHTTPS
$ git clone --recurse-submodules https://github.com/greenpdx/IoTCRHTTPS.git
$ cd IoTCRHTTPS
Configure and build project
$ idf.py set-target esp32c3
$ idf.py menuconfig
Serial flasher config → Flash size = 4 MB
Example Connection Configuration → WiFi SSID = test3
Example Connection Configuration → WiFi Password = test12345
Component config → ESP System Settings → Channel for console output = USB Serial/JTAG Controller
Component config → mbedTLS → mbedTLS v3.x related → Support TLS 1.3 protocol = yes
Component config → mbedTLS → Certificate Bundle → Enable trusted root certificate bundle = no
Component config → mbedTLS → TLS Protocol Role (Server & Client) = Client
Component config → LWIP → SNTP → Request NTP servers from DHCP = yes
$ idf.py build
$ idf.py -p /dev/ttyACM0 flash
$ idf.py -p /dev/ttyACM0 monitor