OTA F/W Update Certificate Expiry
Posted: Tue Nov 26, 2024 11:37 am
I'm starting to add OTA update to my project, using the Espressif Native OTA code as a starting point.
https://github.com/espressif/esp-idf/bl ... /README.md
I've generated the server certificate and key, with a 365 day expiry as per the example.
Code:
openssl req -x509 -newkey rsa:2048 -keyout ca_key.pem -out ca_cert.pem -days 365 -nodes
Everything is working fine, but I'm wondering what happens when this certificate expires if the firmware has not been updated?
Presumably the process will fail as the certificate has expired.
If I generate new server certificates then the OTA process will fail as the device and server certificates won't match.
One option would be to set the expiry to 10 years (or longer) but that reduces the security.
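The trade-off raised in the post, as an added example (not from the original post or from the ESP-IDF example): one common way to decouple the certificate embedded in firmware from the server certificate's expiry is to embed a long-lived private CA and renew short-lived server certificates under it. The file names, the CN values and the 1-day "old" certificate are constructed for illustration, and the script assumes the device trusts whatever PEM it embeds as its root.

```shell
set -eu
WORK=$(mktemp -d)

# Long-lived private CA. Assumption: this is the only PEM embedded in firmware.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example OTA Root" \
    -keyout "$WORK/ca_key.pem" -out "$WORK/ca_cert.pem" 2>/dev/null
}

# Issue a server certificate tagged $1, valid for $2 days, signed by the CA.
issue_server() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ota.example.test" \
    -keyout "$WORK/$1_key.pem" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -days "$2" \
    -CA "$WORK/ca_cert.pem" -CAkey "$WORK/ca_key.pem" -CAcreateserial \
    -out "$WORK/$1_cert.pem" 2>/dev/null
}

# Does certificate $1 verify against the embedded CA at epoch time $2?
chains_to_ca() {
  openssl verify -attime "$2" -CAfile "$WORK/ca_cert.pem" \
    "$WORK/$1_cert.pem" >/dev/null 2>&1
}

# True if certificate $1 expires within $2 seconds (renewal alarm for the server side).
expires_within() {
  ! openssl x509 -in "$WORK/$1_cert.pem" -noout -checkend "$2" >/dev/null
}

make_ca
issue_server old 1     # constructed: stands in for last year's server certificate
issue_server new 365   # renewal under the same CA; the firmware is untouched

later=$(( $(date +%s) + 2 * 86400 ))   # a point in time after "old" has expired
chains_to_ca new "$later" && echo "renewed certificate verifies against the unchanged CA"
chains_to_ca old "$later" || echo "expired certificate is rejected"
expires_within old $(( 30 * 86400 )) && echo "old certificate is inside the renewal window"
```

The CA private key now becomes the long-lived secret, so it should be kept offline and used only to sign renewals.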