CA signed server certificate for ESP32 HTTPS

Post by RahulB. » Thu Sep 11, 2025 10:08 am

Hello Folks,

I am working on an ESP32-based HTTPS web server for configuring Wi-Fi on the device. Currently, we are using self-signed certificates for testing purposes.

The HTTPS server runs on the ESP32, and a small JavaScript file provides the UI. On the first connection, the JS file is served to the browser and the UI loads.

When we open the URL in any browser on a mobile or laptop, we see a “Not Secure / Your connection is not private” warning. We then need to click Advanced, then acknowledge another warning about untrusted certificates, and finally click Proceed. After that, the UI loads, but the HTTPS indicator in the URL bar still shows a strike-through. Please refer to the attached images.

This warning occurs because we are using self-signed certificates. To avoid it, we would need CA-signed certificates, which normally requires a domain name and is not possible in this local server use case.

While it is technically possible to add our self-signed certificates to the browser, it is not practical to expect end users to install certificates manually.

What are the available options to run an HTTPS server on ESP32 that works without warnings or a strike-through on HTTPS in the browser?

Attachments: browserwarning1.PNG, browserwarning2.PNG

Post by MicroController » Fri Sep 12, 2025 8:51 am

> What are the available options to run an HTTPS server on ESP32 that works without warnings or a strike-through on HTTPS in the browser?

There are none. As you have noted, a "valid" certificate requires a domain name to match. You could maybe have the ESP in AP mode "fake" its domain name via DNS (like DNS spoofing) if you own the actual domain and can get a CA-signed certificate for it, but that'd be quite a hack.

Another option is to use plain HTTP.
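
The two checks behind the warning discussed in this thread, modelled as an added example that is not part of either post: the browser first needs an issuer it already trusts, then a subjectAltName entry matching the host typed in the URL. Issuer trust is reduced to a set lookup instead of real chain and signature validation, and the certificates, the CA name, `192.168.4.1` and `setup.example.com` are constructed sample values.

```python
import ipaddress

def name_matches(host, san):
    """RFC 6125-style match of the URL host against one SAN entry."""
    kind, value = san
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal in the URL only matches an iPAddress SAN, never a DNS name.
        return kind == "IP" and ipaddress.ip_address(value) == ip
    if kind != "DNS":
        return False
    host_labels = host.lower().rstrip(".").split(".")
    san_labels = value.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False
    if san_labels[0] == "*":
        # A wildcard covers exactly one left-most label.
        return len(san_labels) > 2 and host_labels[1:] == san_labels[1:]
    return host_labels == san_labels

def browser_verdict(url_host, cert, trusted_roots):
    """Return the reason a browser would warn, or 'ok'."""
    # Simplification (assumption): trust is a lookup, not chain building.
    if cert["issuer"] not in trusted_roots:
        return "untrusted issuer"
    if not any(name_matches(url_host, san) for san in cert["sans"]):
        return "name mismatch"
    return "ok"

# Constructed sample data (not from the thread).
TRUSTED_ROOTS = {"Example Public Root CA"}
SELF_SIGNED = {"issuer": "esp32-device", "sans": [("IP", "192.168.4.1")]}
CA_SIGNED = {"issuer": "Example Public Root CA", "sans": [("DNS", "setup.example.com")]}

def demo():
    return {
        "self-signed via IP": browser_verdict("192.168.4.1", SELF_SIGNED, TRUSTED_ROOTS),
        "CA-signed via IP": browser_verdict("192.168.4.1", CA_SIGNED, TRUSTED_ROOTS),
        "CA-signed via name": browser_verdict("setup.example.com", CA_SIGNED, TRUSTED_ROOTS),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

Only the last case passes, and it depends on the device holding the private key for a publicly trusted certificate, so that key has to be treated as extractable from every shipped unit.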
