Obtaining a Web Page TLS Certificate

This app note describes how to obtain a website's CA cert via the Google Chrome web browser and use the cert to issue a HTTPS GET request command.

Note: This app note describes the procedure for the Chrome browser. A similar process may be used for most web browsers including Internet Explorer, FireFox, and Safari.

This app demonstrates how to:

CA Certificate Overview

A Certificate Authority (CA) certificate is used by the Wi-Fi module to authenticate a HTTP server. The CA cert allows for a secure transaction with the HTTP server. For more details about TLS certificates, see TLS Client Application Note.

Download CA Certificate

This example uses the Silabs website at https://www.silabs.com.

Save the site's CA cert, in a Base-64 encoded file, using the following steps in a Chrome web browser:

At this point the website's CA certificate is save to the desktop.

Double-click on the site_cert_chain_ca.cer file on your desktop to view the certificate's information.

Upload CA Certificate to Wi-Fi Module

The next step is to upload the CA certificate to the Gecko OS module.

The easiest way to do this is to use the Gecko OS Web App provided with Gecko OS. To start the webapp, issue the setup_web command to the device using a Gecko OS terminal:

> setup_web

This starts the Gecko OS softAP and webserver. Connect your computer to the Gecko OS Wi-Fi network. By default, the network name is Gecko OS-XXX, (where XXX is the last 3 digits of the device MAC address).

Then open a web browser and enter the URL: http://setup.com

Wait for the Gecko OS webapp to load, then click on the Files tab. The Files tab enables you to drag and drop files from your computer to the file system on the Gecko OS device.

On your computer, find the CA certificate that you just created: site_cert_chain_ca.cer

Drag this file onto the Gecko OS webapp target area where it says Drop files here. Alternatively, click the button labelled Click to add files.

That's it! The CA certificate is now stored in non-volatile memory on the Gecko OS device flash file system.

Issue HTTPS GET Request

Now that the Wi-Fi module has the website CA cert, the module can issue secure HTTPS requests to the website.

First, configure the following setting so that the CA certificate is always used by default:

set network.tls.ca_cert site_cert_chain_ca.cer
save

For details see the network.tls.ca_cert variable.

Set the module's network credentials so that the module can connect to the Internet. See Configuration and Setup, Wi-Fi Setup.

Now, issue a HTTPS request to the server:

http_get https://silabs.com

Assuming the Wi-Fi network's SSID/password are set, this issues a secure HTTPS request to the server and downloads the encrypted webpage.

Once the connection is open, read the webpage data with the command:

read 0 1000

Keep issuing this command until all the webpage data is read.

You can store multiple CA certs on the Gecko OS flash file system.

Instead of setting the cert in the network.tls.ca_cert variable, you can specify the CA cert as an argument to the http_get command:

http_get https://silabs.com site_cert_chain_ca.cer

For more details about issuing HTTP requests, see the HTTP GET and POST app note.


Supporting Gecko OS Versions

Change Log

ModifiedChanges
2019-01-01Created