• State Resolved
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 41 subscribers
  • Views 373 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC3220MODA: About the certificate catalog for CC3220MODA

Nomo
Guru 16800 points
Part Number: CC3220MODA

Hello,

We have some questions about the certificate catalog for CC3220MODA.

1.What catalog and certificate should we use for the production?
  In case we use the simple mode, the certificate such as "dummy-root-ca-cert" is selected automatically.
  However, these playground certificates are prohibited to use for the production.
  We want to know what files should be selected and used for the production.

2.Can certcatalog20190217.lst in certificate-catalog of SDK be used as catalog?
  And in case of the catalog, should we use the root CA or intermediate CA certification for

3.In case we operate without the signature of CA, should we use the vendor certificate catalog?
  And, in this case, should we complete the chain of certification by creating the root CA ourselves?

Best Regards,
Nomo

  • 0
    TI__Mastermind 22935 points

    Hi Nomo

    The trusted root certificate catalog should be used for production. Check C:\ti\simplelink_cc32xx_sdk_4_30_00_06\tools\cc32xx_tools\certificate-catalog in SDK installation. I believe there is an option to use your own catalog but most customers do not do this.

    You always need the root CA. Depending on the certificates you use and how you set everything up you may need an intermediate certificate but this is an implementation detail that may or may not apply to you.

    I think you will find this document helpful. It talks about certificate handling in CC3220. 

    Let me know if you have anymore questions.

    Jesu

  • 0 in reply to Jesu
    Guru 16800 points

    Hi Jesu-san,

    Thank you for your reply and helpful information.
    We have additional question for the certification.

    At page 3 in the documentation SWPU332A, we can see the figure of the certification chain and vendor certificate.
    At the timing of writing image or booting, is there any possibility not to be booted CC3220MODA normally, if the vender certification or CA certification validation date expires?
    (This question is for at the timing of validating MCU Image not for at the timing of connecting or communicating of SSL/TLS.)

    We're concerned for the case that MCU doesn't boot up normally after several years passed from the production.
    And, we need to understand the valid date of certification for maintenance and the behavior of CC3220 if certification expires.

    Best Regards,
    Nomo

  • 0 in reply to Jesu
    Guru 16800 points

    Hi Jesu-san,

    Do you have any update on this thread?

    Best Regards,
    Nomo

  • 0 in reply to Nomo
    TI__Mastermind 22935 points

    Hi Nomo,

    For booting the MCU image you don't have to worry if the cert is expired because there are no guarantees the RTC will be accurately tracking the time. You should be fine for this case. 

    Jesu

  • 0 in reply to Jesu
    Guru 16800 points

    Hi Jesu-san,

    Thank you for your reply.
    It's good information.

    Best Regards,
    Nomo