https://devzone.nordicsemi.com/f/nordic-q-a/56705/is-there-a-way-to-read-out-the-common-name-from-a-device-certificateFor purposes of provisioning a device, it would be handy to be able to read out the Subject common name from the device certificate. You can&#39;t read the device cert from the application processor. Is there a way to cause the modem to parse the cert anden-USTelligent Community 13Mon, 27 Jan 2020 17:12:39 GMThttps://devzone.nordicsemi.com/thread/231252?ContentTypeID=1Mon, 27 Jan 2020 17:12:39 GMT137ad170-7792-4731-bb38-c0d22fbe4515:4537057a-e223-4b4e-b675-7415bfa2dad7JVantol<p>Actually it turns out I don&#39;t need this. I wound up using the PSK identity slot to store my device name, and that works great.</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/230307?ContentTypeID=1Wed, 22 Jan 2020 11:08:57 GMT137ad170-7792-4731-bb38-c0d22fbe4515:3561e7bf-d6c0-41dd-a30d-b170c57c9cf7Heidi<p>Hi, you are correct, sorry about the misinformation.&nbsp;You cannot use %CMNG to read out certificate types 1,2, and 3 (client certificate, client private key and pre-shared key). This is for security reasons.&nbsp;</p> <p>&nbsp;</p> [quote user=""]could something like this get added to the SDK at some point?[/quote] <p>&nbsp;It could, but it is very unlikely as this was done intentionally.&nbsp;</p> <p></p> <p>Perhaps an application that stores the information to flash, when the certificates are being written to the modem is the best way to do this.&nbsp;</p> <p></p> <p>Can I ask why you need this feature?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/230130?ContentTypeID=1Tue, 21 Jan 2020 15:35:45 GMT137ad170-7792-4731-bb38-c0d22fbe4515:754295d3-d19f-4a2a-923a-35292cabbad3JVantol<p>Heidi, I tried it, it didn&#39;t work. You can read the CA cert, but not the device cert. Perhaps this isn&#39;t the intended behavior, but it&#39;s what happens. The response length is set to 4k, just to make sure. I know which cert I put in, and it should easily fit in 4k.</p> <p>If you read the CA cert with, for example AT%CMNG=2, 12345678, 0 you get the expected result. Trying the same on the device cert by issuing AT%CMNG=2, 12345678, 1 results in this response:</p> <pre style="background-color:#000000;border:initial;border-radius:initial;color:#72b3cf;display:initial;font-family:Menlo, Monaco, Consolas, &#39;Courier New&#39;, monospace;font-size:inherit;font-style:normal;font-weight:bold;letter-spacing:normal;line-height:initial;margin:initial;overflow:auto;padding:initial;text-align:left;text-indent:0px;text-transform:none;">[00:03:26.627,197] </pre> <pre class="ctrl-char ESC" style="background-color:#000000;border:initial;border-radius:initial;color:#72b3cf;display:initial;font-family:Menlo, Monaco, Consolas, &#39;Courier New&#39;, monospace;font-size:inherit;font-style:normal;font-weight:bold;letter-spacing:normal;line-height:initial;margin:initial;overflow:auto;padding:initial;text-align:left;text-indent:0px;text-transform:none;"></pre> <pre style="background-color:#000000;border:initial;border-radius:initial;color:#72b3cf;display:initial;font-family:Menlo, Monaco, Consolas, &#39;Courier New&#39;, monospace;font-size:inherit;font-style:normal;font-weight:bold;letter-spacing:normal;line-height:initial;margin:initial;overflow:auto;padding:initial;text-align:left;text-indent:0px;text-transform:none;">[1;31m&lt;err&gt; at_host: Error while processing AT command: -8<br /><br /><br /></pre><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/230052?ContentTypeID=1Tue, 21 Jan 2020 12:09:52 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a61362a3-5ffd-4be9-bb4d-985a5bb9d43fHeidi<p>Hi!</p> <p></p> [quote user=""]You can&#39;t read the device cert from the application processor.[/quote] <p>&nbsp;This is incorrect. Using the <a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/include/at_cmd.html">AT command interface</a>&nbsp;in NCS, you can use the %CMNG command to read out the certificates and then parse it in your application. Make sure to change the&nbsp;<span>AT_CMD_RESPONSE_MAX_LEN config</span>&nbsp;to&nbsp;at least 3k (it defaults to 2.7 kB).&nbsp;</p> <p></p> <p>Best regards,</p> <p>Heidi</p><div style="clear:both;"></div>