2 thoughts on “HE910D version x.26 SSLSECDATA specified for DER format”
I can successfully open an ssl socket with this: AT#SSLSECCFG,1,0,1,1 (using loaded PEM certificates)
I cannot successfully open an ssl socket with DER format specified: AT#SSLSECCFG,1,0,1,0 (using loaded DER certificates)
Can you please confirm whether or not DER formats are supported for this product/firmware configuration?
The documentation in Sect. 3.2 and Sect 3.3 of the SSL/TLS User Guide Rev.10 (2015-04-07) appears to state that they are not.
Thanks,
Mark Brinton
Yes, your SW version (12.00.026) should support both formats (DER and PEM). If it would not support it, setting the ‘cert_format’ parameter in AT#SSLSECCFG, should result in an error.
If in both formats the certificate is the same, the DER format should work as well, of course if AT#SSLSECDATA=1,1,1,x replied correctly with an OK. However, we suggest the use of PEM files, because some terminal emulators have issues with binary files. The DER certificate is a binary file and some terminals can interpret part of the certificate data as control characters. Therefore, the integrity of this binary file is not preserved and the certificate becomes invalid.
I can successfully open an ssl socket with this: AT#SSLSECCFG,1,0,1,1 (using loaded PEM certificates)
I cannot successfully open an ssl socket with DER format specified: AT#SSLSECCFG,1,0,1,0 (using loaded DER certificates)
Can you please confirm whether or not DER formats are supported for this product/firmware configuration?
The documentation in Sect. 3.2 and Sect 3.3 of the SSL/TLS User Guide Rev.10 (2015-04-07) appears to state that they are not.
Thanks,
Mark Brinton
Yes, your SW version (12.00.026) should support both formats (DER and PEM). If it would not support it, setting the ‘cert_format’ parameter in AT#SSLSECCFG, should result in an error.
If in both formats the certificate is the same, the DER format should work as well, of course if AT#SSLSECDATA=1,1,1,x replied correctly with an OK.
However, we suggest the use of PEM files, because some terminal emulators have issues with binary files. The DER certificate is a binary file and some terminals can interpret part of the certificate data as control characters.
Therefore, the integrity of this binary file is not preserved and the certificate becomes invalid.