How to Update PKI Configuration

[中文]

This document describes how to update the default PKI configuration provided by ESP-AT by recompiling the firmware. The PKI configuration includes certificates and keys for TLS clients, TLS servers, MQTT clients, WebSocket clients, HTTP clients, and Wi-Fi Enterprise client (WPA2-Enterprise/WPA3-Enterprise).

Note

If you want to update certificates at runtime using AT commands without recompiling the firmware, please refer to AT+SYSMFG command examples.

Introduction to PKI Configuration

The source files for the current default PKI configuration are located in the customized_partitions/raw_data directory, as shown below:

Function	Current Configuration	Related AT Commands
TLS client	Set 0 client configuration client_ca_00.crt client_cert_00.crt client_key_00.key Set 1 client configuration client_ca_01.crt client_cert_01.crt client_key_01.key	AT+CIPSTART AT+CIPSSLCCONF
TLS server	server_ca.crt server_cert.crt server.key	AT+CIPSERVER
MQTT client	mqtt_ca.crt mqtt_client.crt mqtt_client.key	AT+MQTTUSERCFG
WebSocket client	Set 0 client configuration wss_ca_00.crt wss_client_00.crt wss_client_00.key Set 1 client configuration wss_ca_01.crt wss_client_01.crt wss_client_01.key	AT+WSCFG
HTTP client	Set 0 client configuration https_ca_00.crt https_client_00.crt https_client_00.key Set 1 client configuration https_ca_01.crt https_client_01.crt https_client_01.key	AT+HTTPCFG
Wi-Fi Enterprise client (WPA2-Enterprise/WPA3-Enterprise)	wpa_ent_ca.pem wpa_ent_client.crt wpa_ent_client.key	AT+CWJEAP

Please modify the PKI configurations according to your own needs and generate mfg_nvs.bin file.

Generate mfg_nvs.bin

Please refer to Generate mfg_nvs.bin document to generate the mfg_nvs.bin file with the PKI configurations.

Download mfg_nvs.bin

Please refer to Download mfg_nvs.bin document.

Provide feedback about this document