Pull Request: Fixes and Enhancements for ESP32 HTTPS Certificate Generation #189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

cturqueti wants to merge 1 commit into fhessel:master from cturqueti:create_cert_git_bash

cturqueti commented Apr 28, 2025

The script 'create_cert.sh' had critical issues preventing reliable certificate generation:

CA validation errors (error 79)
Syntax errors from line endings
Non-standard certificate attributes

Changes Made:

1. CA Configuration Fixes

Added proper X.509 v3 extensions for CA certificates
Included critical CA constraints
Set proper key identifiers

2. Certificate Signing Improvements

Added required extensions for end-entity certificates
Fixed subjectAltName generation
Standardized key usage parameters

3. Cross-Platform Compatibility

Normalized line endings (CRLF -> LF)
Removed Windows-specific artifacts
Added compatibility checks

4. Output File Generation

Simplified header file creation
Added error checking for xxd
Improved file permission handling

Testing Performed:

Windows (Git Bash)
WSL/Ubuntu
ESP32 Integration
OpenSSL verification

Verification Command:
openssl verify -CAfile exampleca.crt example.crt

Impact:

Enables reliable HTTPS server setup
Works across development environments
Maintains security standards

Notes for Reviewers:

All changes backward compatible
No dependency changes required
Follows OpenSSL best practices


          Update create_cert.sh

18ff69a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet