Hello,
I'm new to netburner world.
1. I try to use SSL onboard certificate generation feature, so I build the example code using v2.9.3 and load it into a MOD54415 module which has a DHCP address. Every time when I access to the module via https, it will reboot to Alternate Monitor Image. It's OK if access by http. So I use IPsetup v2.5 give it a static IP address. Device reboot back to example application, and I can access it by https although there's warning about connection is not private.
2. I noticed the self signed certificate generated by the board has an invalid digital signature. Even though I added certificate to the Trust Root CA list, and restart my browser, it still warn me the website is not safe due to CERT_AUTHORITY_INVALID in chrome
3. Google Chrome require subject alternate name, how do I pass in a list of names so that SAN include in the certificate?
Any idea I can get it fix or is there anything I did it wrong? Any help is much appreciated
SslOnboardCertGeneration
Re: SslOnboardCertGeneration
Hi There,
Unfortunately, there is a fix that was recently added to address the issue you're experiencing described in #1. It will be included in the next release, but you can add it yourself very easily. In the the file <NNDK install>\system\cryptolib\NetBurner\NbWolfSsl.cpp, in the function findString(), change line 772 to:
char * fndStr = strstr((char *)&str[pos], toFind);
After this, you will need to recompile the system libraries.
You can add a custom common name and alternative names to the certificate generation when you call SSL_CreateNewSelfSignedCert(). The first parameter takes a const char* for the common name, and the second parameter takes a const char** for an array of alternative names. This function is more clearly documented in NetBurnerSecurityLibraries.pdf, which should be found in <nndk install>\docs\NetBurnerRuntimeLibrary.
Adding the alternative names should fix issue #2 as well.
Thanks for reaching out to us. We want to make using our libraries as easy as possible, and always appreciate hearing where folks get stuck. If you run into any other issues, please don't hesitate to reach out and let us know.
Kind Regards,
Jon
Unfortunately, there is a fix that was recently added to address the issue you're experiencing described in #1. It will be included in the next release, but you can add it yourself very easily. In the the file <NNDK install>\system\cryptolib\NetBurner\NbWolfSsl.cpp, in the function findString(), change line 772 to:
char * fndStr = strstr((char *)&str[pos], toFind);
After this, you will need to recompile the system libraries.
You can add a custom common name and alternative names to the certificate generation when you call SSL_CreateNewSelfSignedCert(). The first parameter takes a const char* for the common name, and the second parameter takes a const char** for an array of alternative names. This function is more clearly documented in NetBurnerSecurityLibraries.pdf, which should be found in <nndk install>\docs\NetBurnerRuntimeLibrary.
Adding the alternative names should fix issue #2 as well.
Thanks for reaching out to us. We want to make using our libraries as easy as possible, and always appreciate hearing where folks get stuck. If you run into any other issues, please don't hesitate to reach out and let us know.
Kind Regards,
Jon
-
RebootExpert
- Posts: 84
- Joined: Fri Oct 09, 2020 2:57 pm
Re: SslOnboardCertGeneration
Thanks for your reply. Now I pass in a list of SAN, device will reboot to Alternate Monitor Image when I try to open the webpage either by http or https.
What I did just uncommented the CreateCertAndKey() in main and pass in the SAN list.
What I did just uncommented the CreateCertAndKey() in main and pass in the SAN list.
Code: Select all
const char *SAN[] = {"SAN1","SAN2"};
SSL_CreateNewSelfSignedCert(nullptr, SAN);
Re: SslOnboardCertGeneration
Hi RebootExpert,
Did you incorporate the fix to <NNDK install>\system\cryptolib\NetBurner\NbWolfSsl.cpp that I mentioned above? Also, when you did so, did you rebuild the system libraries?
Kind Regards,
Jon
Did you incorporate the fix to <NNDK install>\system\cryptolib\NetBurner\NbWolfSsl.cpp that I mentioned above? Also, when you did so, did you rebuild the system libraries?
Kind Regards,
Jon
-
RebootExpert
- Posts: 84
- Joined: Fri Oct 09, 2020 2:57 pm
Re: SslOnboardCertGeneration
Yes I replace the line of code in the source file, and rebuild all system files. This did solve issue #1.
-
RebootExpert
- Posts: 84
- Joined: Fri Oct 09, 2020 2:57 pm
Re: SslOnboardCertGeneration
It will automatically reboot to Alternate Monitor Image after boot to the example app. I didn't try to open the webpage of it.
Re: SslOnboardCertGeneration
Hi RebootExpert,
Just to make sure, I've made this same change to the example and am not able to replicate the issue. Would you be able to open a support ticket? I'd like to take a closer look at your code. I'll be sure to pick up your ticket when it comes in.
Kind Regards,
Jon
Just to make sure, I've made this same change to the example and am not able to replicate the issue. Would you be able to open a support ticket? I'd like to take a closer look at your code. I'll be sure to pick up your ticket when it comes in.
Kind Regards,
Jon