How to enable TLS traffic encryption between device and channel

Certain flespi-compatible devices may encrypt traffic using TLS. This article explains how to set up TLS encryption using the flespi certificate chain.

The flespi channel is the accepting server, so it needs a server certificate and a private key. You have two options:

a) Use the flespi certificate chain

b) Generate the certificate chain manually

With both options, the device must know the CA (certificate authority) certificate that is used to sign the server certificate chain. Option b) is fully covered in a separate article; this article covers option a). Two steps are required to enable TLS traffic encryption:

  1. Enable TLS for the channel

  2. Write the CA certificate to the device and configure it to enable TLS traffic encryption

Configure channel

Enable “Encrypt with flespi TLS certificate” in the channel’s configuration.

Configure device

The channel accepts connections at the domain name *.flespi.gw, which is covered by the same CA as flespi.io, so you can download the certificate using any web browser.

This certificate must be loaded onto the device and used to establish the TLS connection.
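
A command-line check to run on the CA file before writing it to the device, as an added example that is not flespi's own tooling: `ca_validates` confirms that the CA file by itself validates the chain a server presents, which is the situation on a device that trusts only that one certificate. The function names, file names and the throwaway demo CA are assumptions of this example, and it requires the openssl CLI.

```shell
#!/bin/sh
# Added example, not flespi code. Requires the openssl CLI.

# Save the certificate chain a TLS server presents (needs network access).
# Usage: fetch_chain <host> <port> <out.pem>
fetch_chain() {
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts </dev/null 2>/dev/null |
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$3"
}

# Succeed only if the CA file alone validates the chain. -no-CApath keeps the
# system CA directory out of the decision, as on a device with one trusted CA.
# Usage: ca_validates <ca.pem> <chain.pem>
ca_validates() {
    openssl verify -no-CApath -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

# Build a throwaway CA and server certificate for an offline dry run.
# All names below are constructed sample values.
# Usage: make_demo_chain <dir>
make_demo_chain() {
    mkdir -p "$1" && cat >"$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Demo CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=demo.flespi.gw" -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

# Real use (port 443 for flespi.io is an assumption; ca.pem is the CA
# certificate exported from the browser):
#   fetch_chain flespi.io 443 chain.pem
#   ca_validates ca.pem chain.pem && echo "CA file validates the flespi chain"
```

A failing `ca_validates` means the device would reject the channel's certificate, so the CA file should be corrected before it is loaded.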