Obtaining a Web Page TLS Certificate

This app note describes how to obtain a website's CA cert via the Google Chrome web browser and use the cert to issue a HTTPS GET request command.

Note: This app note describes the procedure for the Chrome browser. A similar process may be used for most web browsers including Internet Explorer, FireFox, and Safari.

In this app note we will:

CA Certificate Overview

A Certificate Authority (CA) certificate is used by the Wi-Fi module to authenticate a HTTP server. The CA cert allows for a secure transaction with the HTTP server. For more details about TLS certificates, see TLS Client Application Note.

Download CA Certificate

In this example we use the Zentri website at https://zentri.com

Using Google Chrome, download the site's CA cert using the following steps:

At this point we have saved the website's CA certificate to our desktop. Double-click on the .cer file on your desktop to view the certificate's information.

Upload CA Certificate to Wi-Fi Module

Next we need to upload the CA certificate to the ZentriOS module.

The easiest way to do this is to use the ZentriOS Web App provided with ZentriOS. To start the webapp, issue the following command to the device using a ZentriOS terminal:

> setup web

This starts the ZentriOS softAP and webserver. Connect your computer to the ZentriOS Wi-Fi network. By default, the network name is ZentriOS-XXX, (where XXX is the last 3 digits of the device MAC address).

Then open a web browser and enter the URL: http://setup.com

Wait for the ZentriOS webapp to load, then click on the Files tab. The Files tab enables you to drag and drop files from your computer to the file system on the ZentriOS device.

On your computer, find the CA certificate that you just created: global_sign_ca.cer

Drag this file onto the ZentriOS webapp target area where it says Drop files here. Alternatively, click the button labelled Click to add files.

That's it! The CA certificate is now stored in non-volatile memory on the ZentriOS device flash file system.

Issue HTTPS GET Request

Now that the Wi-Fi module has the website CA cert, we can issue secure HTTPS requests to it.

First, configure the following setting so that our CA certificate is always used by default:

set network.tls.ca_cert global_sign_ca.cer
save

For details see the network.tls.ca_cert variable.

Set the module's network credentials so that the module can connect to the Internet. See Configuration and Setup, Wi-Fi Setup.

Now, issue a HTTPS request to the server:

http_get https://zentri.com

Assuming we've previously set the Wi-Fi network's SSID/password, this will issue a secure HTTPS request to the server and download the encrypted webpage.

Once the connection is open, read the webpage data with the command:

read 0 1000

Keep issuing this command until all the webpage data is read.

You can store multiple CA certs on the ZentriOS flash file system.

Instead of setting the cert in the network.tls.ca_cert variable, you can specify the CA cert as an argument to the http_get command:

http_get https://zentri.com global_sign_ca.cer

For more details about issuing HTTP requests, see the HTTP GET and POST app note.