Autogenerated certs

SeeCwriter
Posts: 605
Joined: Mon May 12, 2008 10:55 am

Autogenerated certs

Post by SeeCwriter »

I'm curious about the release note in v3.3.2 about "Autogenerated certs are now checked...and are recreated if they expire." I am only using v2.9.5 at this time, but I am assuming this feature will be added to the next release of v2.x. Using a MOD5441X and v2.9.5, it takes approx. 15 seconds to generate a cert. During that time the module is essentially bricked as there is no comm at all. Webpage doesn't update, TCP links are closed, no serial, etc. That's a long time for equipment to be offline. So the idea of the module autogenerating a cert on its own is alarming. Is that really how it works?
Jon
Posts: 79
Joined: Mon Feb 05, 2018 10:54 am

Re: Autogenerated certs

Post by Jon »

Hi SeeCwriter,

Currently that is the case, though only if autogenerated certs are currently being used. Autogenerated certs are only initially generated if there are no other certs installed on the device (either compiled in or loaded via the file system), and the device tries to initialize the SSL/TLS libraries either through making a connection, listening for one, or starting a secure web server.

All that said, your point makes absolute sense. In the next release, we'll be adding a predef.h that enables the autocert regeneration, and it will be off by default. Developers can always check the status of autogenerated certs and handle the regeneration there if they want more control over the device's behavior. Additionally, we'll make sure that this is what is ported to 2.9.X. Thanks for taking the time to share your feedback.

Kind Regards,
Jon