Certain flespi-compatible devices may encrypt traffic using TLS. flespi channel is the accepting server, so it should have a server certificate and a private key. You have 2 options:
a) Use flespi certificates chain
b) Generate certificates chain manually
In both options the device must know the CA (certificate authority) certificate that is used to sign the server certificate chain. Option b) is fully covered in this article. Here option a) is covered. 2 steps required to enable TLS traffic encryption:
Enable TLS for channel
Write CA certificate to the device and configure it to enable TLS traffic encryption
Configure channel
Enable “Encrypt with flespi TLS certificate” at channel’s configuration
Configure device
Channel accepts connections at domain name *.flespi.gw, which is covered by the same CA as flespi.io. So you may download certificate using any web browser like this:
This certificate has to be loaded to the device and used to establish TLS connection.