Is there a way to read out the Common Name from a device certificate?

Hi!

You can't read the device cert from the application processor.

 This is incorrect. Using the AT command interface in NCS, you can use the %CMNG command to read out the certificates and then parse it in your application. Make sure to change the AT_CMD_RESPONSE_MAX_LEN config to at least 3k (it defaults to 2.7 kB). 

Best regards,

Heidi

Heidi, I tried it, it didn't work. You can read the CA cert, but not the device cert. Perhaps this isn't the intended behavior, but it's what happens. The response length is set to 4k, just to make sure. I know which cert I put in, and it should easily fit in 4k.

If you read the CA cert with, for example AT%CMNG=2, 12345678, 0 you get the expected result. Trying the same on the device cert by issuing AT%CMNG=2, 12345678, 1 results in this response:

[00:03:26.627,197] 

[1;31m<err> at_host: Error while processing AT command: -8

Heidi, I tried it, it didn't work. You can read the CA cert, but not the device cert. Perhaps this isn't the intended behavior, but it's what happens. The response length is set to 4k, just to make sure. I know which cert I put in, and it should easily fit in 4k.

If you read the CA cert with, for example AT%CMNG=2, 12345678, 0 you get the expected result. Trying the same on the device cert by issuing AT%CMNG=2, 12345678, 1 results in this response:

[00:03:26.627,197] 

[1;31m<err> at_host: Error while processing AT command: -8

Hi, you are correct, sorry about the misinformation. You cannot use %CMNG to read out certificate types 1,2, and 3 (client certificate, client private key and pre-shared key). This is for security reasons. 

could something like this get added to the SDK at some point?

 It could, but it is very unlikely as this was done intentionally. 

Perhaps an application that stores the information to flash, when the certificates are being written to the modem is the best way to do this. 

Can I ask why you need this feature?