This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nrf9160: Adding intermediate certificates to the TLS engine

Hello,

I am running into an issue attempting to add certificates to the device in order to facilitate HTTPS calls to our backend directly from the device.

Before the LTE modem has been configured I make a call to nrf_inbuilt_key_write in order to write the private/public and CA certifications to the device.

 

I appear to be running into a limitation with the certificate size when passing it to nrf_inbuilt_key_write. If the certificate size is too large, it will return me error 105 (NRF_ENOBUFS).

The reason that the certificate is so large is that it contains the root certificate authority as well as an additional intermediate certificate.

Is there any solution to installing more than one (intermediate) CA certificates to the device?

Thank you

Parents Reply
  • Okay, so it sounds like if I have a certificate chain consisting of 3 certificates (which is less than the maximum amount of 4 intermediate certificates) but exceeds 4kB when put all together, this configuration is not supported for now?

    I guess I am just confused by what you mean when you say, "The chain file for certificate chaining must be less than 8kB." The three certificates that I need to add to the modem is just slightly over 6kB and all of them are well under 4 kB individually.

    Can you confirm that this scenario (3 certificates, all under 4kB individually, over 6kB when combined) is unsupported? Note that I am not included the public/private key in this scenario.

Children
Related