How to get CA Certificate of any server using Google Chrome

Yash Sanghvi
3 min read · Oct 4, 2020

If you are communicating with a server over HTTPS, you may want to validate the certificate presented by the server to confirm that your messages are reaching the intended recipient. On microcontrollers like the ESP32, you may want to hard-code the CA certificate for validation purposes. In this tutorial, we will look at the steps required to obtain the CA certificate of any server using Google Chrome.

Please note that this will only work for HTTPS websites. We will use https://www.google.com/ for a demonstration. You can follow the same steps using the URL of the server of your interest.

Step 1: Click on the lock icon in the address bar and click on Certificate

Step 2: Go to the ‘Details’ tab and click ‘Copy to File’

Step 3: In the resultant dialog box that opens up, click ‘Next’

Step 4: Select Base-64 encoded X.509 (.CER) as the export file format, and click Next

Step 5: Specify the save file path and file name and click Next

Step 6: Click Finish

That’s it. You are done. Now if you open the saved file in a text editor, like Notepad, you should see the certificate as Base-64 text enclosed between a "-----BEGIN CERTIFICATE-----" line and an "-----END CERTIFICATE-----" line.

A Note on the validity of CA Certificates

Most certificates issued to servers have a very limited validity. For example, the validity of Google’s server certificate is slightly less than 3 months.

This will be problematic if you are hard-coding this certificate in a device like the ESP32, which may be deployed in the field for years. In such cases, it is prudent to use the CA certificate of the Certification Authority that issued the certificate to Google in the first place, at the top of the certification path. This is referred to as the Root CA.

You can get the CA certificate of the Certification Authority by going to the ‘Certification Path’ tab, selecting the top-most entity in the hierarchy, and clicking ‘View Certificate’.

The validity of the Root CA is usually much longer.

In this example, the validity of the Root CA certificate is 15 years. To download the Root CA certificate, follow the same export steps as above. You may still want to make a note of the expiration date of the certificate and update your application before it expires.
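Before the exported Root CA file can be hard-coded in firmware, it has to become a string constant, and it is worth checking that the export really is a single Base-64 certificate. The Python script below is an added example, not code from the original tutorial; the function name `pem_to_c_literal`, the variable name `root_ca_pem` and the sample input (a constructed placeholder, not a real certificate) are assumptions.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_c_literal(pem_text, var_name="root_ca_pem"):
    """Validate one Base-64 (.CER) export and return it as a C string constant."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        # 0 can mean the binary DER format was chosen in Step 4;
        # more than 1 means several certificates ended up in one file.
        raise ValueError(f"expected exactly 1 certificate, found {len(blocks)}")
    b64 = "".join(blocks[0].split())  # drops line breaks, including CRLF
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a subclass of ValueError
        raise ValueError("certificate body is not valid Base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data does not look like a DER certificate")
    lines = ["-----BEGIN CERTIFICATE-----"]
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    lines.append("-----END CERTIFICATE-----")
    # Adjacent C string literals are concatenated by the compiler.
    body = "\n".join(f'    "{line}\\n"' for line in lines)
    return f"static const char {var_name}[] =\n{body};\n"

# Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
# followed by zero bytes, with CRLF line endings as in a file saved on Windows.
SAMPLE_DER = b"\x30\x82\x00\x60" + bytes(96)
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\r\n"
    + base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
    + "-----END CERTIFICATE-----\r\n"
)

if __name__ == "__main__":
    print(pem_to_c_literal(SAMPLE_PEM))
```

To use it on a real export, read the saved .cer file as text and pass its contents to `pem_to_c_literal`, then paste the returned definition into the firmware source.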

For more tutorials on ESP32, see https://iotespresso.com/category/esp32/
