How to check the CA (Certification Authority)

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
hiko_4316286
Level 4
Level 4
50 replies posted 25 replies posted 10 replies posted

We've received reports that CA(Certification Authority) are not being checked, and we're considering taking action.
Since "TLS_VERIFICATION_REQUIRED" is set, I think the SSL certificate verification process is working.

◆ File
wiced_defaults.h
/* WICED TLS Options * /
#define WICED_TLS_DEFAULT_VERIFICATION (TLS_VERIFICATION_REQUIRED)

◆ Environment
・ WICED SDK: 6.4.0
・ OS: ThreadX

◆makefile
In the current situation, to check the Certification Authority (CA), is it enough to set the path of the root CA to "CERTIFICATE" and "PRIVATE_KEY" in the makefile?
Or is this a self-signed certificate for the HTTP server, and there is another way to check for a Certificate Authority?

CERTIFICATE := $(SOURCE_ROOT)resources/certificates/server_cert.cer
PRIVATE_KEY := $(SOURCE_ROOT)resources/certificates/server_cert_key.key

0 Likes
1 Solution
Rakesh_BG
Moderator
Moderator
Moderator
50 solutions authored 100 replies posted 100 sign-ins

Hi @hiko_4316286 ,

Yes, It is enough to set the path of the root CA to "CERTIFICATE" and "PRIVATE_KEY" in the makefile.

You can verify whether CERTIFICATE_STRING and PRIVATE_KEY_STRING are getting generated in generated_security_dct.h file  which is present inside build folder.

 And both strings will be written into DCT_SECURITY_SECTION in flash from where the code reads the strings for verification.

Thanks,

Rakesh B G

View solution in original post

0 Likes
1 Reply