• State Resolved
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 225 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3120: SimpleLink SDK Root CA Authentication Question

Chris Garren
Prodigy 10 points
Part Number: CC3120


Tool/software:

I'm using the SimpleLink SDK with a CC3120 and am making a TLS connection with a root CA specified to authenticate against, with the trusted certificate catalog disabled. I'm wondering how the SimpleLink SDK authenticates the root certificate. Does it use the public key only? Or does it look at the whole certificate?

  • 0
    TI__Intellectual 1470 points

    Hi Chris,

    The catalog is authenticated by the public key as stated on the third page of the certificates handling manual. There is a visual guide that shows signature verification path as well as content signing. 

    I hope this helps. 

  • 0 in reply to Brandon Liu
    Prodigy 10 points

    Hi Brandon, apologies, I realized I had a typo in my post. I've updated it. The trusted certificate catalog is disabled for the connection.

    I'm asking about how the certificate chain that's presented by a server is verified, and whether the other fields in the certificate are checked or just the public key.

  • +1 in reply to Chris Garren
    TI__Intellectual 1470 points

    Hi Chris,

    Each certificate in a chain is signed by the next (immediate or root) certificate in the chain. The signatures are verified using the public key of the next certificate (for root, you would just use its own public key). When a client is authenticating a server's certificate chain, the client is supposed to have the server's root CA certificate (which self-signs with its private key) and performs the previous steps. The client also checks the expiration date of the certificate in the case of TLS (optional) as well as whether or not the root CA is in the trusted catalog (also optional).

    Please see section 1.2, 1.5.2, and 1.5.2.1 of the certificates handling manual for more information. I have linked it here again for your reference.