Obtaining a Web Page TLS Certificate
This app note describes how to obtain a website's CA cert via the Google Chrome web browser and use the cert to issue a HTTPS GET request command.
Note : This app note describes the procedure for the Chrome browser. A similar process may be used for most web browsers including Internet Explorer, FireFox, and Safari.
This app demonstrates how to:
- Download the CA cert to our computer using Chrome
- Upload the CA to our Wi-Fi module using the module's WebApp drag & drop feature
- Issue a secure HTTPS GET request to the server
CA Certificate Overview
A Certificate Authority (CA) certificate is used by the Wi-Fi module to authenticate a HTTP server. The CA cert allows for a secure transaction with the HTTP server. For more details about TLS certificates, see TLS Client Application Note .
Download CA Certificate
This example uses the Silabs website at https://www.silabs.com .
Save the site's CA cert, in a Base-64 encoded file, using the following steps in a Chrome web browser:
-
In an up-to-date Chrome web browser, navigate to:
https://www.silabs.com
Notice that a lock icon appears next to the URL, indicating the site is secure.
-
Open the Developer Tools panel, Security tab:
-
In the Chrome three-dot menu, choose
More Tools/Developer Tools. On Windows, you can pressF12orCtrl-Shift-I. -
In the Developer Tools panel, click the
Securitytab
-
In the Chrome three-dot menu, choose
-
In the
Securitytab , click theView Certificatebutton
-
In the
Certificatedialog, select theCertification Pathtab - Select the top level CA cert in the certificate chain
-
Click the
View Certificatebutton
-
A
Certificatedialog appears, for the selected certificate.-
Select the
Detailstab -
Click the
Copy to File...button
-
Select the
-
Another dialog appears
-
Click the
Nextbutton
-
Click the
-
Select the
Base-64 encoded X.509 (.CER)format, then click theNextbutton
-
Save the CA cert to your desktop with a file name of your choice. This example uses the name
site_cert_chain_ca.
Chrome appends a.cerextension.
At this point the website's CA certificate is save to the desktop.
Double-click on the
site_cert_chain_ca.cer
file on your desktop to view the certificate's information.
Upload CA Certificate to Wi-Fi Module
The next step is to upload the CA certificate to the Gecko OS module.
The easiest way to do this is to use the Gecko OS Web App provided with Gecko OS. To start the webapp, issue the setup_web command to the device using a Gecko OS terminal:
> setup_web
This starts the Gecko OS softAP and webserver. Connect your computer to the Gecko OS Wi-Fi network. By default, the network name is
Gecko OS-XXX
, (where
XXX
is the last 3 digits of the device MAC address).
Then open a web browser and enter the URL:
http://setup.com
Wait for the Gecko OS webapp to load, then click on the
Files
tab. The Files tab enables you to drag and drop files from your computer to the file system on the Gecko OS device.
On your computer, find the CA certificate that you just created:
site_cert_chain_ca.cer
Drag this file onto the Gecko OS webapp target area where it says
Drop files here
. Alternatively, click the button labelled
Click to add files
.
That's it! The CA certificate is now stored in non-volatile memory on the Gecko OS device flash file system.
Issue HTTPS GET Request
Now that the Wi-Fi module has the website CA cert, the module can issue secure HTTPS requests to the website.
First, configure the following setting so that the CA certificate is always used by default:
set network.tls.ca_cert site_cert_chain_ca.cer
saveFor details see the network.tls.ca_cert variable.
Set the module's network credentials so that the module can connect to the Internet. See Configuration and Setup, Wi-Fi Setup .
Now, issue a HTTPS request to the server:
http_get https://silabs.comAssuming the Wi-Fi network's SSID/password are set, this issues a secure HTTPS request to the server and downloads the encrypted webpage.
Once the connection is open, read the webpage data with the command:
read 0 1000Keep issuing this command until all the webpage data is read.
You can store multiple CA certs on the Gecko OS flash file system.
Instead of setting the cert in the network.tls.ca_cert variable, you can specify the CA cert as an argument to the http_get command:
http_get https://silabs.com site_cert_chain_ca.cerFor more details about issuing HTTP requests, see the HTTP GET and POST app note .
Supporting Gecko OS Versions
- Gecko OS 4
Change Log
| Modified | Changes |
|---|---|
| 2019-01-01 | Created |