Commit dcd5af9

Merge pull request #177 from adafruit/6month-ssl-certs
docs(ssl): Update TLS/SSL certificate fingerprint instructions
2 parents 1a91eb6 + 5a06b9a commit dcd5af9

2 files changed

+10
-5
lines changed

src/AdafruitIO_Definitions.h

Lines changed: 7 additions & 3 deletions
@@ -115,9 +115,13 @@ class AdafruitIOGroupCallback {
115115
#define AIO_ERROR_TOPIC "/errors" ///< Adafruit IO Error MQTT Topic
116116
#define AIO_THROTTLE_TOPIC "/throttle" ///< Adafruit IO Throttle MQTT Topic
117117

118-
// latest fingerprint can be generated with
119-
// echo | openssl s_client -connect io.adafruit.com:443 | openssl x509
120-
// -fingerprint -noout
118+
/* NOTE: io.adafruit.com TLS/SSL certificate changes every 6months, and pinning
119+
certificates is no longer recommended. Migrate to a larger MCU like ESP32
120+
which can accomodate root certificates and verify chains of trust. */
121+
/* For older devices like ESP8266 you can generate the latest fingerprint with:
122+
echo | openssl s_client -connect io.adafruit.com:443 | openssl x509 -fingerprint
123+
-noout
124+
*/
121125
#define AIO_SSL_FINGERPRINT \
122126
"47 D2 CB 14 DF 38 97 59 C6 65 1A 1F 3E 00 1E 53 CC A5 17 E0" ///< Latest
123127
///< Adafruit IO
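
Review bot: The new NOTE says the io.adafruit.com certificate changes every 6 months, but the `AIO_SSL_FINGERPRINT` value on the unchanged lines just below it is left as is and carries no date, so a reader cannot tell whether the pinned value is still current. Consider recording next to the define when the fingerprint was captured or when the certificate expires. In the regeneration comment, the command is wrapped so that `-noout` sits alone on its own line; keeping `openssl x509 -fingerprint -noout` together on one line makes it safe to copy. The define holds 20 space-separated bytes (SHA-1 length), while openssl prints the fingerprint colon-separated, so the comment should say which digest to request and how to format the result. Spelling: "6months" should be "6 months" and "accomodate" should be "accommodate".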

src/wifi/AdafruitIO_ESP8266.h

Lines changed: 3 additions & 2 deletions
@@ -25,12 +25,13 @@
2525
/* NOTE - Projects that require "Secure MQTT" (TLS/SSL) also require a new
2626
* SSL certificate every year. If adding Secure MQTT to your ESP8266 project is
2727
* important - please switch to using the modern ESP32 (and related models)
28-
* instead of the ESP8266 to avoid updating the SSL fingerprint every year.
28+
* instead of the ESP8266 to avoid updating the SSL fingerprint every 6 months.
2929
*
3030
* If you've read through this and still want to use "Secure MQTT" with your
3131
* ESP8266 project, we've left the "WiFiClientSecure" lines commented out. To
3232
* use them, uncomment the commented out lines within `AdafruitIO_ESP8266.h` and
33-
* `AdafruitIO_ESP8266.cpp` and recompile the library.
33+
* `AdafruitIO_ESP8266.cpp`, update fingerprint in `AdafruitIO_Definitions.h`,
34+
* and then recompile the library.
3435
*/
3536
// #include "WiFiClientSecure.h"
3637
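
Review bot: The comment now contradicts itself: the unchanged opening lines still say Secure MQTT projects "require a new SSL certificate every year", while the changed line says the fingerprint must be updated "every 6 months". Update the opening sentence to match. In the added instruction "update fingerprint in `AdafruitIO_Definitions.h`", naming the macro (`AIO_SSL_FINGERPRINT`) would tell the reader exactly what to edit.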
