Telit Cinterion IoT Developer Community

Server certificates manager

Showcase, June 14, 2019 - 4:35pm, 5224 views

Introduction

The Python tool presented here manages server certificates in untrusted mode on Java M2M modules. With a single command, it can download the proper root certificate from an online database, convert it to a format the module can read, and install it on the module. Other untrusted-mode security commands related to the server certificate are supported as well.

Description

This tool should be used from a command-line terminal. The following syntax is allowed:

-i 0|1|2|3 [-u url -p port] [-c com_port [-b baudrate]  [-r 0|1]]

-i:

   0: HttpsVerifyOnUntrusted

   1: HttpsVerifyOffUntrusted

   2: AddHttpsCertificateUntrusted

   3: DelAllHttpsCertificatesUntrusted

-u: url of TLS server whose certificates we want to download, e.g. developer.gemalto.com

-p: port of TLS server whose certificates we want to download, e.g. 443

-c: COM port to communicate with module, e.g. com65

-b: baudrate, e.g. 115200

-r:

  0: don't reboot the module

  1: reboot the module in the end

Although everything can be set on the module automatically, the tool also generates the files it needs while it runs:

- security commands in a .txt file,

- the certificate file to install on the module in a .bin file,

- the root certificate in binary .der format.

If you have Python installed on your PC, you can start the tool by typing in the command line:
python cert_manager.py

If you don't have Python installed on your PC, you can use the .exe file:
cert_manager.exe
However, I don't guarantee the .exe file will work on every OS.

Launching the tool without any arguments (as in both examples above) prints the help.

jseccmd.jar has to be in the same directory as the tool.

How does it work?

The tool parses the command-line arguments to determine what has to be done. Then, depending on the arguments, it uses an external jar file to generate the security command and installs it on the module.

To install a root certificate on the module, the tool first connects to the server to obtain the certificate chain and checks the issuer data of the last certificate in the chain. It then connects to the external certificate database and downloads the matching root certificate. Finally, the certificate is converted and installed on the module.
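A pre-install check for the root certificate .der file produced by the flow above, as an added example that is not part of cert_manager.py: it confirms the downloaded root is self-issued and that its subject matches the issuer of the last certificate in the server's chain, and returns the SHA-256 fingerprint for comparison with the value the CA publishes. The function names and the structure-only sample certificates are constructed for illustration; no signature is verified here, so the fingerprint comparison is what establishes trust in the file.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(cert_der):
    """Return the raw DER encodings of a certificate's issuer and subject Names."""
    # Step into Certificate, then into TBSCertificate.
    _, pos, tbs_end = read_tlv(cert_der, read_tlv(cert_der, 0)[1])
    fields = []
    while pos < tbs_end and len(fields) < 5:
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                              # skip the optional [0] version
            fields.append(cert_der[pos:end])
        pos = end
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate")
    return fields[2], fields[4]   # serial, sigAlg, issuer, validity, subject

def check_root(root_der, last_chain_cert_der, pinned_sha256=None):
    """Return (sha256_hex, problems). Names are compared byte for byte."""
    root_issuer, root_subject = issuer_and_subject(root_der)
    chain_issuer, _ = issuer_and_subject(last_chain_cert_der)
    fingerprint = hashlib.sha256(root_der).hexdigest()
    checks = [(root_issuer != root_subject, "root is not self-issued"),
              (root_subject != chain_issuer, "root subject differs from chain issuer"),
              (bool(pinned_sha256) and fingerprint != pinned_sha256.lower(), "fingerprint differs from pin")]
    return fingerprint, [message for failed, message in checks if failed]

# Constructed sample input: unsigned, structure-only certificates (not real CAs).
def der(tag, *parts):
    body = b"".join(parts)
    size = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (size if len(body) < 0x80 else bytes([0x80 | len(size)]) + size) + body

def toy_cert(issuer_cn, subject_cn):
    def name(cn):                                    # Name holding one commonName (2.5.4.3)
        return der(0x30, der(0x31, der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer_cn), der(0x30), name(subject_cn), der(0x30))
    return der(0x30, tbs, der(0x30), der(0x03, b"\x00"))
```

With real data, pass the bytes of the generated .der file as root_der and the DER form of the last chain certificate (for example via ssl.PEM_cert_to_DER_cert) as last_chain_cert_der; install only when the returned problem list is empty.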

Example of use

1. Enabling certificate verification on the module:

cert_manager.exe -i 0 -c com65 -b 115200 -r 1

generating security command

communicating with module on com65 with baudrate 115200

AT^SJMSEC=cmd,0B00310001000500020001

OK

AT+CFUN=1,1

OK

2. Downloading developer.gemalto.com root certificate and installing it on the module:

cert_manager.exe -i 2 -u developer.gemalto.com -p 443 -c com65 -b 115200 -r 1

connecting to server developer.gemalto.com:443

seraching root certificate in the database

downloading root certificate from the database

generating security command

communicating with module on com65 with baudrate 115200

AT^SJDL=1,894,"AddHttpsCertificateUntrusted"

CONNECT

JDL CRC32 0xdbb0215a

OK

AT^SJMSEC=file,AddHttpsCertificateUntrusted

OK

AT+CFUN=1,1

OK

Sources

The Python source files can be downloaded from the attachments section below. The .exe version can be downloaded here:
https://files.c-wm.net/index.php/s/d6waooCqPBYmgdH

password: Gemalto123

Author

ADAM GEMALTO