• State Resolved
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 457 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CCS/CC3220SF: HTTP Server SSL

Michael Fuhrmann
Intellectual 770 points
Part Number: CC3220SF
Other Parts Discussed in Thread: CC3200

Tool/software: Code Composer Studio

We have a code signing certificate signed by one of the CA in the catalogue. We want to set the HTTP server in the CC3200 with SSL. Now obviously we don't want to copy our private key to the device. Can we use a self signed certificate for the HTTPS server or do we need to get another one signed?

  • 0
    TI__Mastermind 40965 points

    Hi,

    You should get another signed certificate. While you could use a self-signed certificate, that will cause the HTTPS connection to a browser to appear as unsecure as the certificate chain will be untrusted. That being said, other than the connection being untrusted by HTTP clients, the HTTP server of the CC3220 will function correctly despite using a certificate that is not trusted by its root CA store.

    Also, it is possible to store the private key used for the HTTPS server securely. The key can be provided to the CC3220 filesystem with the 'secure' flag set at programming time, which means that it will be encrypted on the device filesystem and only be decryptable and usable by the CC3220 NWP. While the CC3220 NWP will seamlessly decrypt the files it needs on the filesystem it needs on the fly, it will be inaccessible to the main CC3220 processor and stored encrypted on the external serial flash. See the secure filesystem SimpleLink Academy module for more information: http://dev.ti.com/tirex/explore/node?node=AGVKWEmMLTdrSDotQX5Oug__fc2e6sr__LATEST

    Let me know if you need more clarification or have further questions on this topic.


    Regards,

    Michael 

  • 0 in reply to Michael Reymond
    Intellectual 770 points

    Thank you Michael for the clarifications. Since we are using the http sever only from our own app using a self signed will do it for us.