Hi All,
Using example Arduino Edgent_MKR1010 v1.0.1, I’m able to make an unsecured connection (port 80). How do I make a secured connection (port 443)? Please, what all needs to change to make this work?
Thanks.
Does line 12 of your BlynkEdgent.h tab say…
//#define BLYNK_USE_SSL
If so, have you tried un-commenting this line?
(I have no idea if this works, as I don’t use this hardware, It’s just something I noticed the other day).
Pete.
Hey Pete,
Thanks for your quick reply. I’ve already tried that. Doesn’t seem to work:
19:08:19.250 -> [2166] Configuration read from flash
19:08:19.250 -> [2166] Using default config.
19:08:19.250 ->
19:08:19.250 -> >[2166]
19:08:19.250 -> ___ __ __
19:08:19.250 -> / _ )/ /_ _____ / /__
19:08:19.250 -> / _ / / // / _ \/ '_/
19:08:19.250 -> /____/_/\_, /_//_/_/\_\
19:08:19.250 -> /___/ v1.0.1 on MKR WiFi 1010
19:08:19.250 ->
19:08:19.250 -> [2167] --------------------------
19:08:19.250 -> [2167] Product: Iodine
19:08:19.250 -> [2167] Firmware: 0.6.7 (build Nov 8 2021 19:08:09)
19:08:19.250 -> [2167] Device: MKR WiFi 1010
19:08:19.250 -> [2167] WiFi FW: 1.3.0
19:08:20.012 -> [2928] --------------------------
19:08:20.012 -> [2928] INIT => WAIT_CONFIG
19:08:20.046 -> [2945] Scanning networks...
19:08:24.523 -> [7411] Found networks: 10
19:08:25.154 -> [8066] AP SSID: Blynk xxxx-xxx
19:08:25.154 -> [8066] AP IP: 192.168.4.1
19:09:02.539 -> [45441] Sending board info...
19:09:02.704 -> [45621] Sending networks...
19:09:06.254 -> [49160] Applying configuration...
19:09:06.254 -> [49162] WiFi SSID: xxxxx Pass: xxxxxx
19:09:06.254 -> [49162] Blynk cloud: xxxxxxxxxxxxxxxxxxxxxxxxx @ blynk.cloud:443
19:09:06.254 -> [49162] WAIT_CONFIG => SWITCH_TO_STA
19:09:06.254 -> [49171] Switching to STA...
19:09:07.283 -> [50171] SWITCH_TO_STA => CONNECTING_NET
19:09:07.349 -> [50265] Connecting to WiFi: xxxxx
19:09:11.295 -> [54185] Using Dynamic IP: 192.168.1.218
19:09:11.295 -> [54185] CONNECTING_NET => CONNECTING_CLOUD
19:09:11.394 -> [54290] Connecting to blynk.cloud:443
19:09:21.910 -> [64803] Connecting to blynk.cloud:443
19:09:32.491 -> [75396] Connecting to blynk.cloud:443
19:09:42.976 -> [85879] Connecting to blynk.cloud:443
19:09:53.458 -> [96361] Connecting to blynk.cloud:443
19:10:03.941 -> [106844] Connecting to blynk.cloud:443
19:10:14.621 -> [117536] Timeout
19:10:14.621 -> [117536] Last error code: 702
19:10:14.621 -> [117538] Configuration written to flash
19:10:14.621 -> [117539] CONNECTING_CLOUD => ERROR
19:10:24.707 -> [127633] Restarting after error.
Looks like your firmware is out of date, and you probably need to update your SSL certificates too.
Pete.
That did the trick! Thanks!
Looks like Blynk updates encryption certificates every two months. This leads me to wonder how to update the WiFI firmware and certificates without a PC attached to the device. Can this be done OTA?
09:45:06.313 -> [2166] Configuration read from flash
09:45:06.313 -> [2166] Using default config.
09:45:06.313 ->
09:45:06.313 -> >[2166]
09:45:06.313 -> ___ __ __
09:45:06.313 -> / _ )/ /_ _____ / /__
09:45:06.313 -> / _ / / // / _ \/ '_/
09:45:06.313 -> /____/_/\_, /_//_/_/\_\
09:45:06.313 -> /___/ v1.0.1 on MKR WiFi 1010
09:45:06.313 ->
09:45:06.313 -> [2167] --------------------------
09:45:06.313 -> [2167] Product: Iodine
09:45:06.313 -> [2167] Firmware: 0.6.8 (build Nov 9 2021 09:44:56)
09:45:06.313 -> [2167] Device: MKR WiFi 1010
09:45:06.313 -> [2167] WiFi FW: 1.4.5
09:45:07.077 -> [2928] --------------------------
09:45:07.077 -> [2928] INIT => WAIT_CONFIG
09:45:07.077 -> [2945] Scanning networks...
09:45:11.323 -> [7195] Found networks: 8
09:45:11.952 -> [7824] AP SSID: Blynk xxxxx-xxx
09:45:11.952 -> [7824] AP IP: 192.168.4.1
09:45:52.891 -> [48757] Sending board info...
09:45:53.024 -> [48887] Sending networks...
09:45:56.574 -> [52458] Applying configuration...
09:45:56.574 -> [52460] WiFi SSID: xxxxxxx Pass: xxxxxxx
09:45:56.574 -> [52460] Blynk cloud: xxxxxxxxxxxxxxxxxxxxx @ blynk.cloud:443
09:45:56.574 -> [52461] WAIT_CONFIG => SWITCH_TO_STA
09:45:56.574 -> [52466] Switching to STA...
09:45:57.603 -> [53466] SWITCH_TO_STA => CONNECTING_NET
09:45:57.603 -> [53466] Connecting to WiFi: xxxxxxx
09:46:00.589 -> [56473] Using Dynamic IP: 192.168.1.218
09:46:00.589 -> [56473] CONNECTING_NET => CONNECTING_CLOUD
09:46:00.688 -> [56578] Connecting to blynk.cloud:443
09:46:02.635 -> [58516] Ready (ping: 53ms).
09:46:02.702 -> [58586] CONNECTING_CLOUD => RUNNING
09:46:02.702 -> [58588] Configuration written to flash
Glad it worked.
I have no idea, I use ESP boards myself.
Pete.
That’s correct.
You don’t need to update the firmware to make it work with the renewed certificates.
The old firmware will work with the renewed certs (unless it is more than 2 years old, due to the recent changes in the Let’s Encrypt root chain certificate)
Yes. You can do the OTA when you need via web interface. But this is has nothing to do with certificates actually.
@Dmitriy Thanks for clarifying. So…
I understand the device’s firmware can be updated OTA via web interface. Can the certificates also be updated this way?
Certificates are updated on the server-side. Hardware just holds the fingerprint of the certificate in order to check it’s valid.
OIC… So, there’s really no need to mess with the WiFi module after its initial (factory) update with the latest NINA firmware and Blynk’s root certificate (fingerprint). Is my understanding correct?
Correct.
Regarding certificate fingerprints, this was mostly the case with ESP8266.
Right now most platforms (including ESP8266) can perform a correct certificate check, however some devices still won’t check the certificate expiration time.
Outstanding! That might have been a logistical nightmare.
@PeteKnight Thank you!
@Dmitriy Thank you!
@vshymanskyy Thank you!
1 Like