Certificate generation with %KEYGEN

Hi, 

For an MQTT application, we need to generate client certificates in the Nordic (nRF9160) to simplify the production phase. Ideally we want to push a CA certificate with the command %CMNG to a security tag and call a command to generate a client certificate signed by this CA certificate. 

1. I see that an AT command exists for key generation (%KEYGEN) that can create a certificate signing request (CSR). Is there, or will there be, a command to generate a client certificate from this CSR? If not, do you recommend using the command to generate the CSR and doing the signing ourselves in the code, or doing everything ourselves? We looked at the library MBEDTLS for that.

2. It is recommended to have 2 CA certificates in case one is revoked. But only one CA certificate is associated with a security tag. Do you have a way to deal with lists of CA certificates? Or do we need to change the CA certificate in the corresponding tag if it is not valid anymore?
Also, it looks like there is not a specific error returned for an invalid CA certificate during the MQTT connection. There is an error that could correspond to various problems. Am I right? If yes, how can we know that a new CA certificate is needed?

Thank you in advance,

Elisa
