CA signed server certificate for ESP32 HTTPS
Posted: Thu Sep 11, 2025 10:08 am
Hello Folks,
I am working on an ESP32-based HTTPS web server for configuring Wi-Fi on the device. Currently, we are using self-signed certificates for testing purposes.
The HTTPS server runs on the ESP32, and a small JavaScript file provides the UI. On the first connection, the JS file is served to the browser and the UI loads.
When we open the URL in any browser on a mobile or laptop, we see a “Not Secure / Your connection is not private” warning. We then need to click Advanced, then acknowledge another warning about untrusted certificates, and finally click Proceed. After that, the UI loads, but the HTTPS indicator in the URL bar still shows a strike-through. Please refer attached images.
This warning occurs because we are using self-signed certificates. To avoid it, we would need CA-signed certificates, which normally requires a domain name and is not possible in this local server use case.
While it is technically possible to add our self-signed certificates to the browser, it is not practical to expect end users to install certificates manually.
What are the available options to run an HTTPS server on ESP32 that works without warnings or a strike-through on HTTPS in the browser?
I am working on an ESP32-based HTTPS web server for configuring Wi-Fi on the device. Currently, we are using self-signed certificates for testing purposes.
The HTTPS server runs on the ESP32, and a small JavaScript file provides the UI. On the first connection, the JS file is served to the browser and the UI loads.
When we open the URL in any browser on a mobile or laptop, we see a “Not Secure / Your connection is not private” warning. We then need to click Advanced, then acknowledge another warning about untrusted certificates, and finally click Proceed. After that, the UI loads, but the HTTPS indicator in the URL bar still shows a strike-through. Please refer attached images.
This warning occurs because we are using self-signed certificates. To avoid it, we would need CA-signed certificates, which normally requires a domain name and is not possible in this local server use case.
While it is technically possible to add our self-signed certificates to the browser, it is not practical to expect end users to install certificates manually.
What are the available options to run an HTTPS server on ESP32 that works without warnings or a strike-through on HTTPS in the browser?