HackSpace_-_April_2020

FORGE

Arduino on the ESP32 has a library we can include
that brings in WiFi and the ability to access HTTPS
documents. We bring it in with the line:


#include <WiFiClientSecure.h>

With this, we can connect to the network and
download the data with:


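WiFiClientSecure client;  // TLS-capable client object, declared once in the sketch

WiFi.begin(ssid, password);
// Wait until the ESP32 has joined the network
while (WiFi.status() != WL_CONNECTED) {
  Serial.print(".");
  delay(1000);
}

// Only trust servers whose certificate chains back to this root certificate
client.setCACert(test_root_ca);

if (!client.connect(server, 443)) {
  Serial.println("Connection failed!");
} else {
  // Request one record from the air-quality dataset for the AURN St Pauls location
  client.print((String)"GET /api/records/1.0/search/"
               "?dataset=air-quality-data-continuous&rows=1&sort=date_time"
               "&facet=date_time&facet=location&facet=current"
               "&refine.location=AURN+St+Pauls HTTP/1.1\r\n" +
               "Host: " + String(server) + "\r\n" +
               "Connection: close\r\n\r\n");
}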

The key bit missing from this is the variable
test_root_ca. To understand what that is, you first need to
understand a little about how HTTPS works. When
downloading secure documents on the web, we use
a thing called public-key encryption. With this, there
are two keys: a private key and a public key. Anything
encrypted with the private key can be decrypted with
the public key. This way, the website can advertise
the public key and encrypt things with the private
key. We can use the public key to decrypt the data
and then be sure that it really came from the website.
However, this raises the question: how do we know
that the public key really belongs to the website? Well, we
use public-key encryption again: it’s encrypted with the
private key of a certificate authority. Well, how do we
know that the certificate authority’s public key is really
correct? Well, it’s encrypted with the private key of ...


At some point, this chain of trust has to stop, and
there has to be an original public key that we trust
implicitly. This is known as the root authority. There
are a few around, and you have to make sure that you
have the root certificate that’s used by the website
you’re trying to get data from. In our code (hsmag.cc/FbMO49),
we’ve included the root certificate that’s
used by Let’s Encrypt, which is a popular certificate
provider, so there’s a good chance that it’ll work for
other sites, but if it doesn’t, take a look at the box
below for details on how to find it out.

Above: The ESP32 is a great choice for this project because, as well as
having WiFi, it also has the processing power to decrypt HTTPS data




FINDING THE ROOT CERTIFICATE

If the site you need to get data from doesn’t use the
same root certificate as us, here’s how you can find
the correct one:

  • Open the URL in Firefox (we found this the easiest
    browser to use)

  • Click on the padlock in the URL bar, then on
    Connection secure, and then More information

  • In the pop-up, click on View certificate. This will
    open a new browser tab with sections for each
    of the certificates in the chain

  • Select the left-most option in the certificate chain
    (which will probably have a name including the
    word 'Root')

  • Scroll down and press Download PEM (cert)

  • Open this file; its contents need to go in the
    test_root_ca variable
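The last step of the box, as an added example that is not part of the magazine's code: a small desktop C++ helper that checks the text of a downloaded PEM file and turns it into the test_root_ca declaration for the sketch. The function name pem_to_sketch_literal and the sample certificate body are made up for illustration, and the helper assumes the file should hold exactly one certificate, as the PEM (cert) download does.

```cpp
#include <iostream>
#include <sstream>
#include <stdexcept>
#include <string>

// Added helper, not part of the magazine's sketch: check the text of a
// downloaded PEM file and emit it as the test_root_ca declaration.
std::string pem_to_sketch_literal(const std::string& pem) {
    const std::string begin = "-----BEGIN CERTIFICATE-----";
    const std::string end = "-----END CERTIFICATE-----";
    const std::string b64 =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
    std::istringstream in(pem);
    std::ostringstream out;
    std::string line;
    int state = 0;       // 0 = before BEGIN, 1 = in body, 2 = after END
    int body_lines = 0;
    out << "const char* test_root_ca =\n";
    while (std::getline(in, line)) {
        // Drop trailing CR/space/tab so files saved with CRLF endings work.
        while (!line.empty() && std::string("\r \t").find(line.back()) != std::string::npos)
            line.pop_back();
        if (line.empty()) continue;
        if (line == begin) {
            if (state != 0) throw std::invalid_argument("expected one certificate only");
            state = 1;
        } else if (line == end) {
            if (state != 1 || body_lines == 0) throw std::invalid_argument("END without a body");
            state = 2;
        } else {
            if (state != 1) throw std::invalid_argument("text outside BEGIN/END markers");
            if (line.find_first_not_of(b64) != std::string::npos)
                throw std::invalid_argument("non-base64 character in body");
            ++body_lines;
        }
        // One C string literal per PEM line, keeping the line break as \n.
        out << "    \"" << line << "\\n\"" << (state == 2 ? ";" : "") << "\n";
    }
    if (state != 2) throw std::invalid_argument("missing END CERTIFICATE line");
    return out.str();
}

int main() {
    // Constructed sample: PEM framing around a made-up body, not a real certificate.
    const std::string sample =
        "-----BEGIN CERTIFICATE-----\r\nQUJDRA==\r\n-----END CERTIFICATE-----\r\n";
    std::cout << pem_to_sketch_literal(sample);
    return 0;
}
```

A truncated download, a saved HTML error page, or a file holding several certificates is rejected with an exception instead of producing a declaration that would only fail later on the device.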
