ELS61 - How to know which certificates installed | Telit Cinterion IoT Developer Community
October 6, 2020 - 4:03pm
Hi
I would like to know if there is a way to know which (client) certificates are installed in the module.
We are now able to write certificates to the module (by a host MCU on restart), but would like to avoid excessive writes to flash if the correct certificate is already installed.
But we cannot identify which certificates are present.
We were thinking about writing the certificates' thumbprint into the filesystem of the module during certificate installation, but it seems that it is not possible to read that file afterwards.
Any ideas how to solve it?
Hello,
It is not possible for this module to list the installed certificates. But during an attempt to install the same certificate again there would be an error with the information that it is already installed. As for the file system it is possible to create and write to the files. It is also possible to read the files. But your solution would have to ensure somehow that the information stored in the file reflects the real contents of the keystore. In fact there would be no 100% guarantee.
Regards,
Bartłomiej
Hello
It is clear that there will be no 100% guarantee, but it is better than wearing the flash system every day writing the same file (for secure java command) again and again.
Regards,
Yuriy
Hello,
Honestly, I don't know the implementation details at the moment, but I remember that an attempt to install the same certificate ends with an error with some information. But you are right - to test it you need to store the bin file on FFS first. So if it is to be done every day there would be one save operation less if you had the file.
But why do you need to install the certificate every day? Usually the servers use the same certificates for a long time.
Regards,
Bartłomiej
That is because our device is powering up every day and is checking the settings on the internet. So, if the settings are changed we need to update the module with new certificates, if not - we continue.
The issue here is that the modules are "pluggable", it means that the communication module has been replaced and we need to make sure it can operate - to upload correct certificates.
In that case the solution with the extra file sounds reasonable. In the worst case, if there is no file or the certificate verification fails, the app can install new certs anyway.
In other cases there will be no need to update.
BR,
Bartłomiej
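The marker-file approach the thread settles on, sketched as an added example (not code from any poster or from the vendor). `FakeModule` and its methods are a constructed, hypothetical stand-in for the module's file system and keystore, and the marker file name is an assumption; on real hardware the host MCU would issue the module's own commands in their place.

```python
import hashlib
import hmac

MARKER = "cert_thumbprint.txt"  # hypothetical marker file name on the module's FFS


class FakeModule:
    """Constructed in-memory stand-in for the module (hypothetical interface)."""

    def __init__(self):
        self.files = {}        # flash file system contents
        self.keystore = set()  # thumbprints held by the keystore
        self.flash_writes = 0

    def read_file(self, name):
        return self.files.get(name)  # None when the file does not exist

    def write_file(self, name, data):
        self.files[name] = data
        self.flash_writes += 1

    def install_cert(self, cert):
        self.flash_writes += 1  # the bin file is staged on FFS before the install attempt
        tp = thumbprint(cert)
        if tp in self.keystore:
            return "already_installed"  # the error the thread describes
        self.keystore.add(tp)
        return "ok"


def thumbprint(cert: bytes) -> str:
    return hashlib.sha256(cert).hexdigest()


def ensure_cert(module, cert: bytes) -> str:
    """Install cert only when the marker is absent or does not match it."""
    want = thumbprint(cert).encode()
    have = module.read_file(MARKER)
    if have is not None and hmac.compare_digest(have.strip(), want):
        return "skipped"  # marker matches: no flash write at all
    result = module.install_cert(cert)
    if result not in ("ok", "already_installed"):
        return "failed"  # leave the marker untouched so the next boot retries
    # Write the marker only after the keystore accepted (or already held) the cert,
    # so a failed install never leaves a marker claiming success.
    module.write_file(MARKER, want)
    return "installed" if result == "ok" else "marker_repaired"
```

Because the marker lives on the module rather than on the host, a swapped-in module has no marker and gets provisioned on first boot. The marker still only records what was last written, so it carries the same "no 100% guarantee" about the real keystore contents noted in the thread.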