Provisioning the nRF Cloud Certificate to nrf9160-chip

Is it possible to download the Certificate from a file or memory to chip with the internal SDK function?

I intend to automate the installation of the certificate on the device.

I am using nRF SDK v2.0.2.

I can't find exact information anywhere about the internal interface through which the certificate can be loaded onto the chip.

  • Hello,

    Is it possible to download the Certificate from a file or memory to chip with the internal SDK function?

    Yes, you can see how it is done in asset_tracker_v2/src/cloud-certs.

  • I can't find any solution here!
    Can you give the name of the function?
  • I found this code:

    /*
     * Fills in the nRF Cloud TLS settings in nct.tls_config and, when
     * CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES is enabled, stores three
     * credentials under CONFIG_NRF_CLOUD_SEC_TAG: the CA certificate, the
     * device private key and the device certificate.
     *
     * With CONFIG_NRF_MODEM_LIB the credentials are written through the
     * modem_key_mgmt API; otherwise they are registered with
     * tls_credential_add().
     *
     * Returns 0 on success, or the error code of the first credential write or
     * registration that fails.
     *
     * NOTE(review): ca_certificate, private_key and device_certificate are
     * defined outside this listing. If private_key is compiled into the
     * application image, as it appears to be, anyone who can read the firmware
     * binary can recover the device key, so this path suits development builds
     * rather than production units - confirm how the key reaches the image.
     */
    static int nct_provision(void)
    {
    	/* static: nct.tls_config keeps a pointer to this array after return. */
    	static sec_tag_t sec_tag_list[] = { CONFIG_NRF_CLOUD_SEC_TAG };
    
    	/*
    	 * NOTE(review): 2 is presumably the "peer verification required" level
    	 * of the TLS socket API - confirm, and prefer the named constant if one
    	 * is in scope. Lowering this value would weaken server authentication.
    	 */
    	nct.tls_config.peer_verify = 2;
    	/* No explicit cipher list is configured (count 0, list NULL). */
    	nct.tls_config.cipher_count = 0;
    	nct.tls_config.cipher_list = NULL;
    	nct.tls_config.sec_tag_count = ARRAY_SIZE(sec_tag_list);
    	nct.tls_config.sec_tag_list = sec_tag_list;
    	nct.tls_config.hostname = NRF_CLOUD_HOSTNAME;
    
    #if defined(CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES)
    #if defined(CONFIG_NRF_MODEM_LIB)
    	{
    		int err;
    
    		/*
    		 * Delete whatever is stored under this sec tag for credential
    		 * types 0..4 before writing. The result of each delete is only
    		 * logged at debug level and never aborts provisioning.
    		 * NOTE(review): the literal 5 presumably spans every
    		 * modem_key_mgmt_cred_type value - confirm against the header.
    		 * NOTE(review): credential writes and deletes are typically only
    		 * accepted while the modem is offline - confirm the required
    		 * modem state for this SDK version.
    		 */
    		nrf_sec_tag_t sec_tag = CONFIG_NRF_CLOUD_SEC_TAG;
    
    		for (enum modem_key_mgmt_cred_type type = 0; type < 5;
    		     type++) {
    			err = modem_key_mgmt_delete(sec_tag, type);
    			LOG_DBG("modem_key_mgmt_delete(%u, %d) => result = %d",
    				sec_tag, type, err);
    		}
    
    		/*
    		 * From here on an early return leaves the sec tag with the old
    		 * credentials already deleted and only some of the new ones
    		 * written.
    		 *
    		 * Provision the CA certificate. The length is strlen(), so the
    		 * buffer must be a NUL-terminated string and the terminator is
    		 * not written.
    		 */
    		err = modem_key_mgmt_write(CONFIG_NRF_CLOUD_SEC_TAG,
    					   MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN,
    					   ca_certificate,
    					   strlen(ca_certificate));
    		if (err) {
    			LOG_ERR("ca_certificate err: %d", err);
    			return err;
    		}
    
    		/*
    		 * Provision the device private key (written with the
    		 * PRIVATE_CERT credential type). Only the error code is logged;
    		 * the key material itself is never passed to the logger.
    		 */
    		err = modem_key_mgmt_write(
    			CONFIG_NRF_CLOUD_SEC_TAG,
    			MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT,
    			private_key,
    			strlen(private_key));
    		if (err) {
    			LOG_ERR("private_key err: %d", err);
    			return err;
    		}
    
    		/* Provision the device (public) certificate. */
    		err = modem_key_mgmt_write(
    			CONFIG_NRF_CLOUD_SEC_TAG,
    			MODEM_KEY_MGMT_CRED_TYPE_PUBLIC_CERT,
    			device_certificate,
    			strlen(device_certificate));
    		if (err) {
    			LOG_ERR("device_certificate err: %d",
    				err);
    			return err;
    		}
    	}
    #else
    	{
    		int err;
    
    		/*
    		 * No modem library: register the same three credentials with
    		 * tls_credential_add(). Nothing is deleted first on this path.
    		 * The lengths use sizeof() rather than strlen(): that only gives
    		 * the credential size if the three symbols are arrays (not
    		 * pointers), and it then counts the terminating NUL as well -
    		 * TODO confirm against their definitions.
    		 */
    		err = tls_credential_add(CONFIG_NRF_CLOUD_SEC_TAG,
    					 TLS_CREDENTIAL_CA_CERTIFICATE,
    					 ca_certificate,
    					 sizeof(ca_certificate));
    		if (err < 0) {
    			LOG_ERR("Failed to register ca certificate: %d", err);
    			return err;
    		}
    		err = tls_credential_add(CONFIG_NRF_CLOUD_SEC_TAG,
    					 TLS_CREDENTIAL_PRIVATE_KEY,
    					 private_key,
    					 sizeof(private_key));
    		if (err < 0) {
    			LOG_ERR("Failed to register private key: %d", err);
    			return err;
    		}
    		/*
    		 * The device's own certificate is registered under the
    		 * SERVER_CERTIFICATE credential type.
    		 */
    		err = tls_credential_add(
    			CONFIG_NRF_CLOUD_SEC_TAG,
    			TLS_CREDENTIAL_SERVER_CERTIFICATE,
    			device_certificate,
    			sizeof(device_certificate));
    		if (err < 0) {
    			LOG_ERR("Failed to register public certificate: %d",
    				err);
    			return err;
    		}
    	}
    #endif /* defined(CONFIG_NRF_MODEM_LIB) */
    #endif /* defined(CONFIG_NRF_CLOUD_PROVISION_CERTIFICATES) */
    
    	/* Also reached when certificate provisioning is compiled out. */
    	return 0;
    }

    Could I have an example of how to use this?

  • Yes, the asset_tracker_v2 that I referred to is a good example of how certificates can be provisioned from a file.

    Alpo Leinonen said:
    Can you give the name of the function?

    modem_key_mgmt_write(), or you can use the AT%CMNG command to store certificates.
