OTA F/W Update Certificate Expiry

Post Reply
BivvyCoder
Posts: 25
Joined: Sun Jan 28, 2024 5:20 pm

OTA F/W Update Certificate Expiry

Postby BivvyCoder » Tue Nov 26, 2024 11:37 am

I'm starting to add OTA update to my project, using the Espressive Native OTA code as a starting point.
https://github.com/espressif/esp-idf/bl ... /README.md

I've generated the server certificate and key, with a 365 day expiry as per the example.

Code: Select all

openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes
Everything is working fine, but I'm wondering what happens when this certificate expires if the firmware has not been updated?

Presumably the process will fail as the certificate has expired.
If I generate new server certificates then the OTA process will fail as the device and server certificates won't match.

One option would be to set the expiry to 10 years (or longer) but that reduces the security.
Top
Post Reply

Return to “ESP-IDF”

Who is online

Users browsing this forum: Bing [Bot], ChatGPT-User, Google [Bot], Semrush [Bot] and 6 guests