2 thoughts on “HE910D version x.26 SSLSECDATA specified for DER format”
I can successfully open an ssl socket with this: AT#SSLSECCFG,1,0,1,1 (using loaded PEM certificates)
I cannot successfully open an ssl socket with DER format specified: AT#SSLSECCFG,1,0,1,0 (using loaded DER certificates)
Can you please confirm whether or not DER formats are supported for this product/firmware configuration?
The documentation in Sect. 3.2 and Sect 3.3 of the SSL/TLS User Guide Rev.10 (2015-04-07) appears to state that they are not.
Thanks,
Mark Brinton
Yes, your SW version (12.00.026) should support both formats (DER and PEM). If it would not support it, setting the ‘cert_format’ parameter in AT#SSLSECCFG, should result in an error.
If in both formats the certificate is the same, the DER format should work as well, of course if AT#SSLSECDATA=1,1,1,x replied correctly with an OK. However, we suggest the use of PEM files, because some terminal emulators have issues with binary files. The DER certificate is a binary file and some terminals can interpret part of the certificate data as control characters. Therefore, the integrity of this binary file is not preserved and the certificate becomes invalid.
We use cookies to enhance your browsing experience and help us improve our websites. To improve our website, we carefully select third parties that use cookies to allow us to serve specific content and achieve the purposes set out in our cookie policy. For more information on how to make adjustments through your browser to the cookies being used on your device, please click Find Out More link. By closing this banner or continuing to browse our website, you agree to our use of such cookies. FIND OUT MORE
I can successfully open an ssl socket with this: AT#SSLSECCFG,1,0,1,1 (using loaded PEM certificates)
I cannot successfully open an ssl socket with DER format specified: AT#SSLSECCFG,1,0,1,0 (using loaded DER certificates)
Can you please confirm whether or not DER formats are supported for this product/firmware configuration?
The documentation in Sect. 3.2 and Sect 3.3 of the SSL/TLS User Guide Rev.10 (2015-04-07) appears to state that they are not.
Thanks,
Mark Brinton
Yes, your SW version (12.00.026) should support both formats (DER and PEM). If it would not support it, setting the ‘cert_format’ parameter in AT#SSLSECCFG, should result in an error.
If in both formats the certificate is the same, the DER format should work as well, of course if AT#SSLSECDATA=1,1,1,x replied correctly with an OK.
However, we suggest the use of PEM files, because some terminal emulators have issues with binary files. The DER certificate is a binary file and some terminals can interpret part of the certificate data as control characters.
Therefore, the integrity of this binary file is not preserved and the certificate becomes invalid.