By tve
#37594 I'd like to move my esp8266's to use SSL and I'm wondering how to deal with the certificates. The use-case is devices on my private Wifi that serve up web pages, some of which are "critical" in that they give access to control stuff in my house. I use mDNS and also DHCP hostnames, so my esp8266's are reachable both as hostname.local as well as hostname.example.com (the public DNS provides the RFC1918 private address, which is not 100% kosher).

The options I've considered so far:
- use a self-signed cert for each device and call it a day, but that doesn't protect against MITM attacks and if someone hacks into my Wifi they probably also have the tools to crack the self-signed cert stuff
- use a self-signed cert using a properly set-up internal CA and install the CA cert in all my browsers. This would protect against the MITM attacks, but is a total PITA to set up on cell phones, tablets, multiple browsers on each machine, etc.
- use the fact that I have public DNS names for all devices and generate free SSL certs using Let's Encrypt. That solves the issues with the self-signed certs, but lands me in certificate expiration hell pretty soon, especially considering that LE plans to switch to 90 day cert expirations. It's also not something other people using my software can easily replicate.
- do not run any server on the esp8266, i.e., only use client connections. A good way to accomplish that is to use mqtt (over SSL) instead of https. That avoids the problem, but it means every esp8266 I deploy depends on some central mqtt server. Also, while that's actually something I'm planning to do, it doesn't solve the bootstrapping problem, stuff like having the esp8266 start out in AP mode so it can be configured to connect to the correct wifi network.

Is there any other decent option I have overlooked? It seems that securing IoT devices is almost inherently impossible?
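
The internal-CA option from the list above, as an added example that is not part of the original post: a shell function that creates a private root once and issues a device certificate whose SAN covers both the `hostname.local` and `hostname.example.com` names the post describes. It assumes the OpenSSL command-line tool; the function name, file layout, EC P-256 keys and validity periods are illustrative choices, not from the post.

```shell
#!/bin/sh
# Added example: private CA plus one device certificate (names are constructed).
# issue_device_cert DIR HOST writes DIR/ca.crt, DIR/HOST.key and DIR/HOST.crt.
issue_device_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # One config file: CA extensions plus the per-device extensions.
    cat > "$dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Home IoT Root CA (example)
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[device]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host.local,DNS:$host.example.com
EOF
    # Create the CA once; later calls reuse it so every device chains to one root.
    if [ ! -f "$dir/ca.crt" ]; then
        openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ca.key" &&
        openssl req -x509 -new -config "$dir/pki.cnf" -key "$dir/ca.key" \
            -sha256 -days 3650 -out "$dir/ca.crt" || return 1
    fi
    # Device key and CSR (EC P-256 is an assumption here, not from the post).
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/$host.key" &&
    openssl req -new -config "$dir/pki.cnf" -key "$dir/$host.key" \
        -subj "/CN=$host" -out "$dir/$host.csr" || return 1
    # Sign with the CA; the SAN list is what browsers match the URL against.
    openssl x509 -req -in "$dir/$host.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -sha256 -days 825 \
        -extfile "$dir/pki.cnf" -extensions device \
        -out "$dir/$host.crt" 2>/dev/null || return 1
    # Confirm the chain before the files are copied to the device.
    openssl verify -CAfile "$dir/ca.crt" "$dir/$host.crt" >/dev/null
}
```

Called as `issue_device_cert ./pki kitchen`, it leaves `ca.crt` as the one file to import into each browser or phone, while `ca.key` stays off the network.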