Questions about SSL Certificates

Other Parts Discussed in Thread: CC3200

Hi,

I am trying to use SSL certificates to communicate with an HTTPS server (Dropbox), but I am getting error -155 when connecting. I am unsure which certificate to use. Do I use the server certificate (*.dropbox.com), or do I use the root certificate (GoDaddy Root Certificate Authority)? I have tried both with the same result.

I have used Firefox to download either certificate in "X.509 Certificate (DER)" format, and added the file to my flash file system as "/cert/129.der". I then set sockSecureFiles.secureFiles[2] = 129 and call sl_SetSockOpt(...,SL_SO_SECURE_FILES);

Any suggestions?

Thanks,

Frank

  • Hi,

    I have created a self-contained application that attempts to connect securely to www.google.de:443. I have created files in flash "/cert/255.der" with Google's certificate, "/cert/254.der" with the intermediate certificate "Google Internet Authority G2", and "/cert/253.der" with the "GeoTrustGlobalCA" root certificate. But no matter whether I set the secure file to 253, 254 or 255, I get the same error -155 upon sl_Connect(). If I set the secure files to all 0, the connection succeeds with ESECSNOVERIFY. If I set the secure files to a non-existing number, I get a different error (-456).

    The output looks like:

    APP:  Power-on, NP reset.
    WLAN: Host driver version: 0.0.5.1
    WLAN:         NWP version: 2.0.7.0
    WLAN:    Firmware version: 0.0.3.0
    WLAN:         PHY version: 1.1.8.8
    WLAN: Initializing ... done.
    WLAN: Started.
    WLAN: Waiting for connection ... connected.
    WLAN: Waiting for IP address ... 192.168.135.10.
    HTTP: CA IDX set to 254.
    HTTP: Error connecting to 74.125.232.95 port 443: -155.
    APP:  HTTP download failed.
    WLAN: Disconnecting ... disconnected.

    Any ideas or advice?

    Thank you,

    Frank

    4113.Hello_Hibernate.zip

  • Hi Frank,

    Sorry for all the confusion you are going through; we will work to improve our documentation.

    For google.com, you need to use "Equifax Secure CA" and not any other of the certificates you have mentioned.

    The only certificate you need to set is the root CA certificate.

    So, you just need to flash this certificate using the uniflasher under any file name (please use SDK0.52 which doesn't require the usage of file IDs) and set this file name using the sl_SetSockOpt() API.

    E.g.:

    Let's assume you have flashed the Equifax certificate under the name "Equifax.der".

    In this case you need to use:

    sl_SetSockOpt(SockID, SL_SOL_SOCKET, SL_SO_SECURE_FILES_CA_FILE_NAME, "Equifax.der", strlen("Equifax.der"));

    Thanks,

    Alon

  • Alon,

    Thank you, with the Equifax certificate I was able to make the connection.

    I am still confused about matching servers with root certificates, though. When I click on the lock icon in Firefox and look at the certificate for www.google.com (see attached image below), there is nothing about Equifax. By trial, error and Google I also eventually figured out which certificate from GoDaddy I needed to connect to Dropbox.

    Can you recommend a good process to figure out the root certificate for a Web server? I realize that this question has nothing to do with the CC3200.

    FWIW, I am using the current SDK 0.52. But its SimpleLink.h still defines SL_DRIVER_VERSION as "0.0.5.1".

    Thanks,

    Frank
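
An added example, not part of the original thread, for the question in the last post: one way to find the root CA a server's chain ends in is to read the "Certificate chain" section printed by `openssl s_client -connect host:443 -showcerts` and take the issuer of the last certificate the server sends. The sample output below is constructed and assumes the top certificate sent was issued under an Equifax root, in line with Alon's answer; `parse_chain` and `root_to_install` are hypothetical helper names.

```python
import re

# Constructed sample (not a live capture): the "Certificate chain" section that
#   openssl s_client -connect www.google.com:443 -showcerts
# prints. The distinguished names are assumptions modelled on the thread.
SAMPLE = """\
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
"""

SUBJECT = re.compile(r"^\s*\d+\s+s:\s*(.+?)\s*$")
ISSUER = re.compile(r"^\s+i:\s*(.+?)\s*$")


def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        if (m := SUBJECT.match(line)):
            subject = m.group(1)
        elif (m := ISSUER.match(line)) and subject is not None:
            chain.append((subject, m.group(1)))
            subject = None
    return chain


def root_to_install(chain):
    """Return (name, sent_by_server) for the CA that anchors the sent chain."""
    if not chain:
        raise ValueError("no certificates found in input")
    # Each certificate must be issued by the next one the server sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            raise ValueError(f"chain broken: nobody sent {issuer!r}")
    top_subject, top_issuer = chain[-1]
    # Self-signed top: the server sent the root itself. Otherwise the root
    # is the top certificate's issuer and must be obtained from the CA.
    return top_issuer, top_issuer == top_subject


if __name__ == "__main__":
    print(root_to_install(parse_chain(SAMPLE)))
```

A browser may build a different path to a root in its own trust store, which is why its certificate viewer can show a different top-level CA than the chain the server sends. The returned name only identifies which root to fetch from the CA's own published roots and flash in DER form for `SL_SO_SECURE_FILES_CA_FILE_NAME`.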