CC3220: Issue with CN of SSL certificate for HTTPS server

Part Number: CC3220

Hello,

We are currently trying to get the HTTPS server working in our application on the CC3220SF, based on SimpleLink SDK 2.20. The application uses the on-board HTTPS server for provisioning and local OTA and needs to be secure. We purchased SSL certificates with the following chain of trust: "device_domain_name" -> Thawte RSA CA 2018 -> DigiCert Global Root CA.
The domain name of the CC3220 is set to "device_domain_name" and the certificate and private key are stored on the file system. We start the HTTP server with redirect to the secure port as described in the programmer's guide.

    /* Set the file names used for SSL key exchange */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_DEVICE_CERTIFICATE_FILENAME,
                  strlen((char *)SSL_SERVER_CERT),
                  (const uint8_t *)SSL_SERVER_CERT);

    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIVATE_KEY_FILENAME,
                  strlen((char *)SSL_SERVER_KEY),
                  (const uint8_t *)SSL_SERVER_KEY);

    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_CA_CERTIFICATE_FILE_NAME,
                  sizeof(serverCACertificateFileName),
                  serverCACertificateFileName);

    /* Activate SSL security on primary HTTP port and change it to
       443 (standard HTTPS port) */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIMARY_PORT_SECURITY_MODE,
                  sizeof(securityMode),
                  &securityMode);

    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIMARY_PORT_NUMBER,
                  sizeof(httpsPort),
                  httpsPort);

    /* Enable secondary HTTP port (can only be used for redirecting
       connections to the secure primary port) */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_SECONDARY_PORT_NUMBER,
                  sizeof(secondaryPort),
                  secondaryPort);

    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_SECONDARY_PORT_ENABLE,
                  sizeof(secondaryPortEnable),
                  secondaryPortEnable);

    /* Restart the HTTP server so that it runs with the settings above */
    retVal = sl_NetAppStop(SL_NETAPP_HTTP_SERVER_ID);

    retVal = sl_NetAppStart(SL_NETAPP_HTTP_SERVER_ID);

On trying to access the web page, the browser shows “NET::ERR_CERT_COMMON_NAME_INVALID”. This might be due to the fact that the certificate is issued to validate the "device_domain_name" but the name resolves to an IP address. In other words, typing in "https://device_domain_name" leads to "https://device_IP_Address" and the browser reports a common name or domain error.

Is it possible to overcome this redirect issue in a way that the certificates are still valid?

Or are there some other types of certificates available that can fix this issue?

Are we missing something here?

Best Regards

Adithya

  • Hi Adithya,

    There is no solution to this issue for any kind of device with HTTPS and its own local IP address. Any kind of device with HTTPS from any manufacturer has this issue (APs, switches, webcams, etc.).

    Jan
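
The name check behind the browser error in this thread, as an added example (not part of the original posts and not TI SDK code): a simplified C model of HTTPS host matching, in which the host taken from the URL is compared with the certificate's subjectAltName entries. The types, function names and the address 192.168.1.50 are constructed for illustration; IPv6 and the legacy common-name fallback are left out.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

typedef enum { SAN_DNS, SAN_IP } san_type_t;
typedef struct { san_type_t type; const char *value; } san_entry_t;

/* Constructed sample: a certificate whose only SAN is the thread's placeholder name. */
static const san_entry_t DEVICE_CERT_SAN[] = { { SAN_DNS, "device_domain_name" } };

/* Shape check for a dotted-quad IPv4 literal. */
static bool is_ipv4_literal(const char *h) {
    int dots = 0, digits = 0;
    for (; *h; h++) {
        if (isdigit((unsigned char)*h)) { if (++digits > 3) return false; }
        else if (*h == '.' && digits > 0) { dots++; digits = 0; }
        else return false;
    }
    return dots == 3 && digits > 0;
}

/* Case-insensitive string equality. */
static bool ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return false;
    return *a == *b;
}

/* dNSName match; a leading "*." stands for exactly one left-most label. */
static bool dns_matches(const char *pattern, const char *host) {
    if (strncmp(pattern, "*.", 2) != 0) return ieq(pattern, host);
    const char *rest = strchr(host, '.');
    return rest != NULL && rest != host && ieq(pattern + 1, rest);
}

/* IP-literal hosts are compared only with iPAddress entries, names only with dNSName. */
bool cert_matches_url_host(const san_entry_t *san, size_t n, const char *url_host) {
    bool host_is_ip = is_ipv4_literal(url_host);
    for (size_t i = 0; i < n; i++)
        if (host_is_ip ? (san[i].type == SAN_IP && strcmp(san[i].value, url_host) == 0)
                       : (san[i].type == SAN_DNS && dns_matches(san[i].value, url_host)))
            return true;
    return false;
}

int main(void) {
    printf("by name: %d\n", cert_matches_url_host(DEVICE_CERT_SAN, 1, "device_domain_name"));
    printf("by IP:   %d\n", cert_matches_url_host(DEVICE_CERT_SAN, 1, "192.168.1.50"));
}
```

The same certificate passes when the URL host is the name it was issued for and fails once the URL host is the device's IP address, which is the situation described in the question.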