putting the right certificates in certificates.

RE: putting the right certificates in certificates.

DevinCallahan — Wed, 17 Apr 2019 17:16:04 GMT

Any of the CA certificates should work in the "NRF_CLOUD_CA_CERTIFICATE" in certificates.h. The only constraint is the signature algorithms the TLS library on the device supports. I would like to imagine both RSA keys and ECC keys are supported though. If you care about space the ECC certs are much smaller (that's just an inherent benefit of ECC over RSA).

RE: putting the right certificates in certificates.

MJD093 — Wed, 17 Apr 2019 09:29:14 GMT

The private key is an RSA key so the first RSA 2048 is what we use at the moment but that probably is a question for Nordic to answer. Of the two RSA CAs, the smaller 2048 is probably the correct one as the other will require more space to store.

RE: putting the right certificates in certificates.

MosheSmartAmr — Wed, 17 Apr 2019 09:22:29 GMT

Thanks MJD093,

There are several kinds of ROOT CA certificates (see second image), which one should I choose?

RE: putting the right certificates in certificates.

MJD093 — Wed, 17 Apr 2019 09:08:08 GMT

I am currently at this stage as well but I believe that you need the rootCA, private key and the public certificate

In certificates.h:

Private key first (private.key)

Public Cert second (cert.pem)

rootCA third (root-CA.crt)

I figured these are the three files used from the wording of the .h file and that MQTT processes like Mosquitto use these three files to successfully publish to our AWS IoT instance.

See /path/to/ncs/nRF5_SDK_15.2.0_9412b96/external/mbedtls/library/certs.c to see an example of how Nordic set these certificates up for a different process