Does WICED SDK support SSL/TLS mutual authentication?

AxLi_1746341

If yes, is there any example code available for mutual authentication?

If no, do you have a plan to support it?

Thanks.

1 Solution
Anonymous

Hi axel.lin,

Yes. We have support for mutual authentication for both client and server. You can refer to snip/https_server in the latest 3.7.0 SDK.

There are two APIs needed to enable mutual authentication.

wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );

-> This API will load the server certificate and server key, which are already stored in the DCT.

wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );

-> You also need to load the root certificate, which will be used to verify the client certificate.

Thanks,

Vikas


2 Replies
cogoc_1937206

I have the same question.  Specifically when the WICED device is acting as the server.

In the snip/https_server example code, I see that an 'identity' is passed to the wiced_https_server_start() call which contains the device certificate programmed into the DCT.  It seems to lack, however, a means of specifying the client credentials (i.e. the client's root CA) when mutual authentication is desired.
