Simple Onboard Cert Gen with v3.x

[SeeCwriter]

I created example program SslOnboardCertGeneration, the Simple version, for a MOD5441X. The program runs, and I can open the unsecure webpage. But the secure page gives me error ERR_CERT_INVALID. When I look at the certificate through the cert viewer, it displays error "Unable to decode certificate". Do I need to install a certificate in my browser (Chrome)? I get the same response from Edge.
I'm using v3.3.9.

[TomNB]

I have just built and tested that example on a MOD54415. I do not see that error. As expected, I do see a browser warning since the certificate authority is not installed on the browser, but the cert is valid. I would attache the image, but it would be invalid for your since your IP address of the device is different (common name).

[TomNB]

ormatted time string: 2:09:02 PM
Application: On-board Cert Generation - Simple
NNDK Revision: 3.3.9
IP Address: 10.1.1.127
The device can be accessed as follows:
- If you have Internet access: discover.netburner.com
- http://10.1.1.127 for application web page (HTTP)
- https://10.1.1.127 for application web page (HTTPS)
- http://10.1.1.127:20034 for system configuration web page (HTTP)
- https://10.1.1.127:20034 for system configuration web page (HTTPS)
IP Address: 10.1.1.127
IP Address: 10.1.1.127
IP Address: 10.1.1.127

[SeeCwriter]

Did you use the example program as-is? Because I noticed that there is no function to create a self-signed certificate like there is in the Advanced version.

[TomNB]

Hello,

I used the simple as-is because that is what you were asking about. In main.cpp it calls:
EnableOnboardCertificateCreation(); // Enable automatic certificate and key generation

Are you asking about advanced or simple? In any event, if you build and run simple, does it work correctly for you as it does here?

[SeeCwriter]

I was asking about the simple example. I have built it (simple example) and it doesn't work for me. I get error ERR_CERT_INVALID.

I looked at function EnableOnboardCertificateCreation(), and it has a single statement that sets a function pointer to a function that does the certificate creation, but the function is not called. Is there supposed to be something going on behind the scenes that will eventually call the certificate creating function, because there is nothing in the example code that calls it?

[SeeCwriter]

I added function createCertAndKey() from the Advanced example to the Simple example, called it, and I was able to load the HTTPS webpage. I removed createCertAndKey, and restored the Simple example back to original, and again I was able make a secure connection and load the HTTPS webpage.
To test whether the Simple example was just using the cert created when I added createCertAndKey, I deleted the cert by adding function HalEraseDeviceCertAndKey() at the very top of UserMain. And sure enough, the invalid certificate error returned. This suggests that the Simple example doesn't actually create a self-signed cert. Perhaps something needs to be enabled in the system libraries.

Code: Select all

void UserMain(void *pd)
{
    HalEraseDeviceCertAndKey();

    EnableOnboardCertificateCreation();   // Enable automatic certificate and key generation
    EnableSecureConfigServer(false);      // Enable the secure configuration server. False param means don't force TLS mode

    init();
    //Enable system diagnostics. Probably should remove for production code.
    EnableSystemDiagnostics(); 
    WaitForActiveNetwork(TICKS_PER_SECOND * 5);
   ...
}

[TomNB]

That is odd behavior that I have not been able to re-create here yet, but will look into it. The onboard cert creation should happen in the background.

[TomNB]

I have attached my .bin file of the simple example. You will get a warning because the CN will not match, but you should still be able to view the certificate and not get an invalid warning. Please give it a try and let me know.

[SeeCwriter]

I get the same invalid certificate error using your .bin file.