Dmitrij Shabroff via mbed-tls <
mbed-tls@lists.trustedfirmware.org> wrote:
> Good afternoon.
> I am a microcontroller product designer. I ported MBED TLS to STM
> 32L471 microcontroller. While I do not understand how can I use the
> certificate. My customer gave me a certificate in the form of a
> center2m.com.cer file. The file contains the 3 fields:
I don't know what your customer gave you.
There are three things that you might be given:
1) a trust anchor (certification authority) to use to validate a connection.
2) a pinned certificate for the server that you are expected to connect to.
3) a certificate that goes with a private key you already have in the device,
which you will use as a client certificate for TLS client authentication.
How you would install these is different.
(3) generally needs to be provisioned in the factory, at manufacturing time.
That's a more complex situation, but for testing purposes you could get away
with putting the certificate into C code.
While there are routines in mbedtls that can read/parse a PEM file, and you
could include the certificates as a string, you'd save code space if you
included the certificate in DER form.
Your makefile should convert using, for instance:
openssl x509 -in cert.pem -outform der -out cert.der
xxd -i cert.der >> cert_data.c
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | IoT architect [
]
mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [