• State Resolved
  • Replies 5 replies
  • Subscribers 40 subscribers
  • Views 94 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

LAUNCHXL-CC3235SF: How to get server certificate

Trevor Hsu
Genius 4535 points
Part Number: LAUNCHXL-CC3235SF

Tool/software:

Hi 

Our application needs to obtain a server certificate. Does TI have a sample guide on how to achieve this on CC3235?

import ssl

 

# Server address

serverHost = "example.com";

serverPort = "443";

serverAddress = (serverHost, serverPort);

 

# Retrieve the server certificate in PEM format

cert = ssl.get_server_certificate(serverAddress);

print(cert);

Thanks.

BR

Trevor

  • 0
    TI__Guru 60695 points

    Hi,

    Once you have the right root CA certificate, you need to flash it to the file system.

    You can use as a reference the network_terminal example and specifically socket_cmd.c file where you can find SECURE_SOCKET definition.

    Also look at this user guide https://www.ti.com/lit/ug/swpu332a/swpu332a.pdf?ts=1736067795632&ref_url=https%253A%252F%252Fwww.google.com%252F

    Shlomi

  • 0 in reply to Shlomi Itzhak
    Genius 4535 points

    Hi Shlomi, 

    Let's clarify our question, we can get the server certificate using browser and put the server certificate in userFiles folder and then we can connect to the server securely (MQTT portocoal).

    The above behavior is 

    1. Obtain the server certificate using borwser to download.

    2. Copy server certificate into userFiles, then using CCS to flash it.

    Next we would like to obtain the serveer certificate  on CC32xx, in our PC Pyton applicaton, we only need to use "ssl.get_server_certificate()" of SSL module to implement it. 

    Do you have any suggeeston for us?

    Thanks.

    BR

    Trevor

  • 0 in reply to Trevor Hsu
    TI__Guru 60695 points

    Hi,

    I see. Why do you need to get the certificate chain of certificates? It is all handled internally in the NWP and it does not get to the application level.

    Only if there is an issue with validating the chain, you would get an indication.

    Shlomi

  • 0 in reply to Shlomi Itzhak
    Genius 4535 points

    Hi Shlomi, 

    Currently, we can use a browser to obtain the server certificate and copy the server certificate to the userFiles folder. After flashing and resetting the LP board using CCS, we can connect to the server.

    But when the server certificate expires, it will can't not connect to the server, so for our Python application, ssl.get_server_certificate() will be used to update the server certificate when it can not connect to the server.

    Do you have any suggestons for us?

    Thanks.

    BR

    Trevor

  • +1 in reply to Trevor Hsu
    TI__Guru 60695 points

    this is what OTA is used for.

    When a certificate expires, you will need to get the updated root CA from the server and upgrade over the air the filesystem.

    there is no API to fetch a certificate from the server.