Client Secure Class

Methods and properties described in this section are specific to ESP8266. They are not covered in Arduino WiFi library documentation. Before they are fully documented please refer to information below.

Supported crypto

In the background the library axtls is used. The library supports only rsa certificates and no new eliptic curve certificates. TLSv1.2 is supported since SDK 2.4.0-rc1.

The following ciphers and digests are supported by specification:

  • Symmetric Ciphers
    • AES128-SHA
    • AES256-SHA
    • AES128-SHA256
    • AES256-SHA256
  • Asymmetric Ciphers
    • RSA 512/1024/2048/4096 bit encryption/decryption.
    • RSA signing/verification
  • Digests
    • SHA1
    • MD5
    • SHA256/384/512
    • HMAC-SHA1
    • HMAC-MD5
    • HMAC-SHA256


Load client certificate from file system.



#include <FS.h>
#include <ESP8266WiFi.h>
#include <WiFiClientSecure.h>

const char* certyficateFile = "/client.cer";

setup() or loop()

if (!SPIFFS.begin())
  Serial.println("Failed to mount the file system");

Serial.printf("Opening %s", certyficateFile);
File crtFile =, "r");
if (!crtFile)
  Serial.println(" Failed!");

WiFiClientSecure client;

Serial.print("Loading %s", certyficateFile);
if (!client.loadCertificate(crtFile))
  Serial.println(" Failed!");

// proceed with connecting of client to the host


Load client certificate from C array.

setCertificate (array, size)

For a practical example please check this interesting blog.

Other Function Calls

bool  verify (const char *fingerprint, const char *domain_name)
void  setPrivateKey (const uint8_t *pk, size_t size)
bool  loadCertificate (Stream &stream, size_t size)
bool  loadPrivateKey (Stream &stream, size_t size)
template<typename TFile >  bool  loadPrivateKey (TFile &file)

Documentation for the above functions is not yet prepared.

For code samples please refer to separate section with examples dedicated specifically to the Client Secure Class.