Thales' cellular IoT products business is now part of Telit Cinterion, find out more.

You are here

Telit Cinterion IoT Developer Community

Server certificates manager

Showcase, June 14, 2019 - 4:35pm, 5224 views


Python tool presented here allows managing server certificate in untrusted mode in Java m2m modules. By using just one command, this tool can download proper root certificate from online database, convert it to format readable by module and install on the module. Other untrusted mode security commands related to server certificate are supported as well.


This tool should be used from command - line terminal. Following syntax is allowed:

-i 0|1|2|3 [-u url -p port] [-c com_port [-b baudrate]  [-r 0|1]]


   0: HttpsVerifyOnUntrusted

   1: HttpsVerifyOffUntrusted

   2: AddHttpsCertificateUntrusted

   3: DelAllHttpsCertificatesUntrusted

-u: url of TLS server whose certificates we want to download, e.g.

-p: port of TLS server whose certificates we want to download, e.g. 443

-c: COM port to communicate with module, e.g. com65

-b: baudrate, e.g. 115200


  0: don't reboot the module

  1: reboot the module in the end

During its work, although everything can be automatically set on module, the tool will also generate needed files:
-security commands in .txt file,

-certificate file to install on module in .bin file,

-root certfificate in binary .der fomat.

If you have python installed on your PC, you can start the tool by typing in command-line:

If you don't have python installed on your PC, you can use .exe file:
cert_manager .exe
However, I don't guarantee .exe file will work on all OS.

Launching the tool without any arguments (as below  in both examples) will print help.

jseccmd.jar has to be in the same directory as the tool.

How it works?

The tool parses command line arguments to check what has to be done. Next, depending on the arguments it uses external jar file to generate security command and install it on the module.  

When we want to install root certificate in the module, the tool firstly connects with server to obtain certificate chain and check issuer data of the last certificate in the chain. After that it connects to the external certificate database and download correct root certificate. In the end it is converted and install on the module.

Example of use

1. Enabling certificate verification on the module:

cert_manager.exe -i 0 -c com65 -b 115200 -r 1

generating security command

communicating with module on com65 with baudrate 115200





2. Downloading root certificate and installing it on the module:

cert_manager.exe -i 2 -u -p 443 -c com65 -b 115200 -r 1

connecting to server

seraching root certificate in the database

downloading root certificate from the database

generating security command

communicating with module on com65 with baudrate 115200



JDL CRC32 0xdbb0215a







Below, from the attachments section you can download python source files. Exe version you can download here:

password: Gemalto123


ADAM GEMALTO's picture