NetBurner 3.5.8
PDF Version
Basic Web Config with SSL/TLS

Example Path: examples/Configuration/Web/BasicWebConfigWithTLS

This example is identical to the BasicWebConfig example with the addition of SSL/TLS. Please refer to that example documentation for a description of how the configuration server mirror operates.

Certificates can be handled a number of ways:

  • Automatically with ACME (preferred)
  • Auto generation feature of the NetBurner ssl/tls library
  • Self-signed and either compiled into the application or uploaded to a file system.

To simplify things, this example provides files for a compiled certificate and key, named ServerCert.cpp and ServerKey.cpp.

To generate your own self-signed certificates, use the script files in the \nburn\CreateCerts folder:

  • makeca.bat to generate a Certificate Authority certificate and key
  • makeserver.bat to generate the HTTPS server certificate and key

For the common name (CN), use the IP address of your device, then copy the generated .cpp files to your project's src folder.

Please refer to the \nburn\examples\ssl folder for more advanced SSL/TLS certificate handling.

TLS vs Plain: BasicWebConfigWithTLS and BasicWebConfig

This example adds SSL/TLS to the config-mirror demonstrated in BasicWebConfig. The two are kept as separate examples on purpose; here is the trade-off.

A single application can serve both protocols: the EnableSecureConfigServer(false) call used here means "TLS or plain", so this build already accepts both HTTPS and HTTP (use EnableSecureConfigServer(true) for TLS-only). The reason there are two examples is firmware footprint, certificate setup, and keeping each lesson focused - not a technical limitation.

Aspect BasicWebConfigWithTLS (this example) BasicWebConfig
Transport HTTPS, and plain too via EnableSecureConfigServer(false) Plain HTTP only
SSL/TLS library Linked - roughly doubles the firmware image Not linked
Certificate/key Required - compiled-in cert/key (ServerCert.cpp/ServerKey.cpp) plus serial commands to load/validate them None needed
Extra setup Generate and provision a server certificate (see above) None
Best for Security-sensitive deployments; protecting config read/write in transit Closed/trusted networks; smallest build; learning the basics

Pros of TLS (this example): configuration traffic - including passwords - is encrypted in transit, and you can require TLS-only with EnableSecureConfigServer(true). Cons: larger firmware (the SSL library is linked in), and you must generate, provision, and maintain a server certificate.

Use BasicWebConfig instead when the config page only needs to run on a trusted network and you want the smallest possible build.