I'm using the RootCA's SHA1 thumbprint which is still valid from api.github.com full original source code. I do not understand why the connection has failed. I tried changing the thumbprint to capitals instead, but it still doesn't work. I've also added client.setFingerprint();

```cpp
const char* host = "api.github.com";
const int httpsPort = 443;

// Use web browser to view and copy
// SHA1 fingerprint of the certificate

const char* fingerprint = "5f b7 ee 06 33 e2 59 db ad 0c 4c 9a e6 d3 8f 1a 61 c7 dc 25";

  // Use WiFiClientSecure class to create TLS connection
  WiFiClientSecure client;
  client.setFingerprint(fingerprint);
```

user93228
  • The fingerprint doesn't seem to match api.github.com's current SHA fingerprint. – hcheung Jul 02 '20 at 12:45
  • I took the thumbprint from root path (digicert) 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25 @hcheung – user93228 Jul 02 '20 at 13:44
  • On my Firefox, if I point my browser to https://api.github.com, click on the little padlock next to the URL, click on the `>`, then click on "more information", click on "View Certificate", and scroll down, I get the fingerprint for SHA-1 as `DF:B2:29:C6:A6:38:1A:59:9D:C9:AD:92:2D:26:F5:3C:83:8F:A5:87`. – hcheung Jul 03 '20 at 05:58
  • That's the certificate from the server, shouldn't it work with the root certificate also? I've tried using the whole public key instead; it works, however not with the fingerprint. – user93228 Jul 03 '20 at 10:06
  • Well, that seems to be a separate issue. You have only shown part of your sketch. In order for the fingerprint to work, you need to have `#include ` in your sketch. See [official example](https://github.com/esp8266/Arduino/blob/master/libraries/ESP8266HTTPClient/examples/BasicHttpsClient/BasicHttpsClient.ino) or [my example](https://www.e-tinkers.com/2020/04/a-better-way-to-use-esp-01-as-wifi-shield/) – hcheung Jul 03 '20 at 12:39
  • Oh okay, I was using WiFiClientSecure.h instead. The original code is above. Thanks anyway, will look into that – user93228 Jul 03 '20 at 12:51
  • I've tried using the official example, using the root CA {0xd1,0xeb,0x23,0xa4,0x6d,0x17,0xd6,0x8f,0xd9,0x25,0x64,0xc2,0xf1,0xf1,0x60,0x17,0x64,0xd8,0xe3,0x49}. It failed to connect, but when I use the fingerprint from the server it worked. – user93228 Jul 05 '20 at 20:39

0 Answers
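A host-side check for the fingerprints quoted in this thread, as an added example that is not code from the asker, the commenters or the ESP8266 core. It normalizes the three notations used above and models fingerprint pinning as a comparison against the server's own (leaf) certificate only, which is consistent with the result reported in the last comment. Assumptions: the function names are hypothetical, the leaf-only comparison is a model rather than the library's source, and the certificate bytes are constructed stand-ins, not real DER.

```python
import hashlib
import hmac
import re

def parse_fingerprint(text: str) -> bytes:
    """Normalize 'aa bb', 'AA:BB', bare hex or '{0xaa,0xbb}' to 20 raw bytes."""
    digits = re.sub(r"0[xX]", "", text)            # drop C-array prefixes
    digits = re.sub(r"[^0-9a-fA-F]", "", digits)   # drop spaces, colons, braces, commas
    if len(digits) != 40:
        raise ValueError(f"SHA-1 fingerprint needs 40 hex digits, got {len(digits)}")
    return bytes.fromhex(digits)

def sha1_fingerprint(cert_der: bytes) -> bytes:
    """A certificate fingerprint is the SHA-1 digest of its DER encoding."""
    return hashlib.sha1(cert_der).digest()

def pin_matches(chain_der, pin_text: str) -> bool:
    """Assumed model: the pin is checked against chain[0] (the leaf) only."""
    leaf = sha1_fingerprint(chain_der[0])
    return hmac.compare_digest(leaf, parse_fingerprint(pin_text))

# Values quoted on this page.
SKETCH_PIN = "5f b7 ee 06 33 e2 59 db ad 0c 4c 9a e6 d3 8f 1a 61 c7 dc 25"
ROOT_PIN_BARE = "5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25"
SERVER_PIN = "DF:B2:29:C6:A6:38:1A:59:9D:C9:AD:92:2D:26:F5:3C:83:8F:A5:87"

# Constructed stand-ins for the DER bytes of a presented chain (leaf first).
CHAIN = [b"constructed-leaf-der", b"constructed-intermediate-der",
         b"constructed-root-der"]

def demo() -> dict:
    leaf_pin = ":".join(f"{b:02X}" for b in sha1_fingerprint(CHAIN[0]))
    root_pin = ", ".join(f"0x{b:02x}" for b in sha1_fingerprint(CHAIN[-1]))
    return {
        # Spacing and letter case do not change the pinned bytes.
        "same_bytes_any_notation":
            parse_fingerprint(SKETCH_PIN) == parse_fingerprint(ROOT_PIN_BARE),
        # The sketch pins a different certificate than the one the server sent.
        "sketch_pin_is_server_cert":
            parse_fingerprint(SKETCH_PIN) == parse_fingerprint(SERVER_PIN),
        "leaf_pin_accepted": pin_matches(CHAIN, leaf_pin),
        "root_pin_accepted": pin_matches(CHAIN, root_pin),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A leaf fingerprint changes every time the server certificate is renewed, so a pinned value needs an update path on the device.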