CC3200 Secure Sockets - Client Certificates

Dear E2E,


Has anybody got a working example of using client certificates with the CC3200? I've gotten server certificates to work, but when uploading a .der format client certificate (that works with a desktop application, so I know the certificate/key pair are valid) the CC3200 returns -456 /* error secure level bad Certificate file */


I'm guessing that I've flashed an invalid format of certificate, but have tried various formats, and cannot find any official documentation to show the format that needs to be used.

Thanks.

  • I suspect you have either got the incorrect certificate or the desktop app is having issues. You need to first make sure the certificate you have works with your application. 

    Regarding whether you have the right format, can you view the certificate when it is on the hard drive? It should look like a certificate. 

    Glenn

  • Hi Moyerman,


    Certificates should be in DER format.

    Please refer to the "CA Certificate" section on processors.wiki.ti.com/.../CC32xx_SSL_Demo_Application or the "Generating certificates using OpenSSL" section on processors.wiki.ti.com/.../CC32xx_Serial_Wifi.


    Regards,
    Aashish
  • Aashish,


    Thank you, but those files do not provide an explanation of using client certificates to authenticate with a server. I have been able to connect to the server using the Server's CA file. I have also been able to connect to the server using the client certificates that I have flashed to the CC3200 while on a desktop connection, and the server verifies them. My original post had an error in that I receive the error code

    "#define SL_ESECBADPRIVATEFILE                 (-458)  /* error secure level bad private file */"


    Not the one listed above.

    A code snippet below of how I am setting up the socket:

    /* CA file used to verify the server certificate */
    #define SL_CA_FILE "/cert/129.der"
        retVal = sl_SetSockOpt(n->my_socket, SL_SOL_SOCKET,
                               SL_SO_SECURE_FILES_CA_FILE_NAME,
                               SL_CA_FILE,
                               strlen(SL_CA_FILE));
        if (retVal < 0) {
            return retVal;
        }

    /* Client certificate presented to the server */
    #define SL_CERT "/cert/130.der"
        retVal = sl_SetSockOpt(n->my_socket, SL_SOL_SOCKET,
                               SL_SO_SECURE_FILES_CERTIFICATE_FILE_NAME,
                               SL_CERT,
                               strlen(SL_CERT));
        if (retVal < 0) {
            return retVal;
        }

    /* Private key belonging to the client certificate */
    #define SL_KEY "/cert/131.key"
        retVal = sl_SetSockOpt(n->my_socket, SL_SOL_SOCKET,
                               SL_SO_SECURE_FILES_PRIVATE_KEY_FILE_NAME,
                               SL_KEY,
                               strlen(SL_KEY));
        if (retVal < 0) {
            return retVal;
        }

    Thanks to all for your help.

  • Hi,

    This error code indicates that either the key file is missing, or that it is not in the right format.
    Please note that the key file must be in .der format and must match the client certificate.

    Thanks,
    Alon
  • Resolved it. Thanks for help TI. It was a format error. The key hadn't converted formats.
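
An added example, not code from this thread or from TI's SDK: a host-side C check that a key or certificate file is binary DER rather than PEM text (the usual form of a .key file) before it is flashed, which is the kind of format error behind -458 here. The function and enum names are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; none of this is SimpleLink API. */
typedef enum { KEY_DER_OK, KEY_IS_PEM, KEY_NOT_DER, KEY_LEN_MISMATCH } key_fmt_t;

/* Classify a key or certificate file image before it is flashed.
 * DER is binary ASN.1: an outer SEQUENCE (tag 0x30) whose encoded length
 * covers exactly the rest of the file. PEM is base64 text that starts
 * with "-----BEGIN". */
key_fmt_t classify_key_file(const unsigned char *buf, size_t len)
{
    size_t hdr = 2, body = 0, i, n;

    if (len >= 10 && memcmp(buf, "-----BEGIN", 10) == 0)
        return KEY_IS_PEM;
    if (len < 2 || buf[0] != 0x30)
        return KEY_NOT_DER;
    if (buf[1] < 0x80) {                 /* short form: one length byte */
        body = buf[1];
    } else {                             /* long form: 0x80 | count of length bytes */
        n = buf[1] & 0x7F;
        if (n == 0 || n > 4 || len < 2 + n)
            return KEY_NOT_DER;          /* indefinite or implausible length */
        for (i = 0; i < n; i++)
            body = (body << 8) | buf[2 + i];
        hdr = 2 + n;
    }
    return (body == len - hdr) ? KEY_DER_OK : KEY_LEN_MISMATCH;
}

/* Constructed samples, not real key material. */
static const unsigned char sample_pem[] = "-----BEGIN RSA PRIVATE KEY-----\n(base64 omitted)\n";
static const unsigned char sample_der[] = { 0x30, 0x03, 0x02, 0x01, 0x00 };
static const unsigned char sample_cut[] = { 0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00 };

int main(void)
{
    printf("pem=%d der=%d cut=%d\n",
           (int)classify_key_file(sample_pem, sizeof sample_pem - 1),
           (int)classify_key_file(sample_der, sizeof sample_der),
           (int)classify_key_file(sample_cut, sizeof sample_cut));
    return 0;
}
```

A file reported as `KEY_IS_PEM` still needs converting; for an RSA key, `openssl rsa -in client.key -outform DER -out client_key.der` writes the DER encoding (both file names are placeholders).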

  • Hi,

    I am having the same difficulties with connecting via TLS and receive the same error code.

    I do not really understand how I can convert my private .key into .der. I can find a lot of documentation how to use openssl and other tools to convert a certificate to .der, but I cannot find anything for .key to .der conversion at all... Can anybody give me some guidance how I can perform this conversion?

    Cheers,

    Fabian

  • Hello Fabian,

    This post has been closed long ago.

    For better tracking, is it possible that you open a new thread and reference to this one for reference?

    I can answer on the new thread.

    Regards,

    Shlomi