- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If yes, is there any example code available for mutual authentication?
If no, do you have plan to support it?
Thanks.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi axel.lin,
Yes. We have support of mutual authentication for both client and server. you can refer snip/https_server in 3.7.0 latest SDK.
There are two APIs needed to enable mutual authentication.
wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );
-> This API will load server certificate and server key which is already stored in DCT.
wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );
-> You also need to load root certificate which will be used to verify client certificate.
Thanks,
Vikas
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same question. Specifically when the WICED device is acting as the server.
In the snip/https_server example code, I see that an 'identity' is passed to the wiced_https_server_start() call which contains the device certificate programmed into the DCT. It seems to lack, however, a means of specifying the client credentials (i.e. the client's root CA) when mutual authentication is desired.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi axel.lin,
Yes. We have support of mutual authentication for both client and server. you can refer snip/https_server in 3.7.0 latest SDK.
There are two APIs needed to enable mutual authentication.
wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );
-> This API will load server certificate and server key which is already stored in DCT.
wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );
-> You also need to load root certificate which will be used to verify client certificate.
Thanks,
Vikas