Part Number: CC3220
Hello,
We are currently trying to get the HTTPS server working in our application on the CC3220SF, based on SimpleLink SDK 2.20. The application uses the on-board HTTPS server for provisioning and local OTA and needs to be secure. We purchased SSL certificates with the following chain of trust: "device_domain_name" -> Thawte RSA CA 2018 -> DigiCert Global Root CA.
The domain name of the CC3220 is set to "device_domain_name" and the certificate and private key are stored on the file system. We start the HTTP server with redirect to the secure port as described in the programmer's guide.
    /* Set the file names used for SSL key exchange */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_DEVICE_CERTIFICATE_FILENAME,
                  strlen((char *)SSL_SERVER_CERT),
                  (const uint8_t *)SSL_SERVER_CERT);
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIVATE_KEY_FILENAME,
                  strlen((char *)SSL_SERVER_KEY),
                  (const uint8_t *)SSL_SERVER_KEY);
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_CA_CERTIFICATE_FILE_NAME,
                  sizeof(serverCACertificateFileName),
                  serverCACertificateFileName);

    /* Activate SSL security on primary HTTP port and change it to
       443 (standard HTTPS port) */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIMARY_PORT_SECURITY_MODE,
                  sizeof(securityMode),
                  &securityMode);
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_PRIMARY_PORT_NUMBER,
                  sizeof(httpsPort),
                  httpsPort);

    /* Enable secondary HTTP port (can only be used for redirecting
       connections to the secure primary port) */
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_SECONDARY_PORT_NUMBER,
                  sizeof(secondaryPort),
                  secondaryPort);
    SetNetAppHttp(&retVal,
                  SL_NETAPP_HTTP_SECONDARY_PORT_ENABLE,
                  sizeof(secondaryPortEnable),
                  secondaryPortEnable);

    /* Restart the HTTP server so the new settings take effect */
    retVal = sl_NetAppStop(SL_NETAPP_HTTP_SERVER_ID);
    retVal = sl_NetAppStart(SL_NETAPP_HTTP_SERVER_ID);
On trying to access the web page, the browser shows “NET::ERR_CERT_COMMON_NAME_INVALID”. This might be due to the fact that the certificate is issued to validate the "device_domain_name" but the name resolves to an IP address. In other words, typing in "https://device_domain_name" leads to "https://device_IP_Address" and the browser reports a common name or domain error.
Is it possible to overcome this redirect issue in a way that the certificates are still valid?
Or are there some other types of certificates available that can fix this issue?
Are we missing something here?
Best Regards
Adithya
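
The name check that produces the browser error quoted in the post, as an added example that is not part of the original post or of the SimpleLink SDK: a TLS client compares the host in the URL with the certificate's subjectAltName entries, and an IP literal is compared only with iPAddress entries. The types, function names and sample values are assumptions made for illustration; the code assumes the SAN entries are already parsed out of the certificate and treats IPv4 literals only.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp (POSIX) */

/* One subjectAltName entry, as seen after the certificate has been parsed. */
typedef enum { SAN_DNS, SAN_IP } san_type_t;
typedef struct { san_type_t type; const char *value; } san_entry_t;

/* Simplified IPv4-literal test: only digits and exactly three dots. */
static bool is_ipv4_literal(const char *h)
{
    int dots = 0;
    for (; *h; h++) {
        if (*h == '.') dots++;
        else if (*h < '0' || *h > '9') return false;
    }
    return dots == 3;
}

/* dNSName match, case-insensitive; "*" may only stand for the whole left-most label. */
static bool dns_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) == 0) {
        const char *rest = strchr(host, '.');      /* skip exactly one label */
        return rest != NULL && rest != host && strcasecmp(pattern + 1, rest) == 0;
    }
    return strcasecmp(pattern, host) == 0;
}

/* URL host vs. SAN list: an IP literal is compared only with iPAddress entries. */
bool host_matches_cert(const char *url_host, const san_entry_t *san, size_t n)
{
    bool is_ip = is_ipv4_literal(url_host);
    for (size_t i = 0; i < n; i++)
        if (is_ip ? (san[i].type == SAN_IP && strcmp(san[i].value, url_host) == 0)
                  : (san[i].type == SAN_DNS && dns_matches(san[i].value, url_host)))
            return true;
    return false;
}

int main(void)
{
    /* Constructed sample values; the name and address are placeholders. */
    const san_entry_t dns_only[] = { { SAN_DNS, "device.example.com" } };
    printf("by name: %d\n", host_matches_cert("device.example.com", dns_only, 1));
    printf("by IP:   %d\n", host_matches_cert("192.0.2.10", dns_only, 1));
    return 0;
}
```

With a certificate that carries only a DNS name, the request by name matches and the request by IP address does not; a certificate that also lists the address as an iPAddress entry matches both.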