Adding Certificates of Authority

Introduction

This documents how to add certificates of authority (CA) to your DevEdge IoT Developer Kit.

Prerequisites

Why would I want to implement the instructions in this document?

In order to send the JSON payload created by the kit to a source of your choosing, you will need a certificate of authority (CA) installed on the kit. This document shows you how to download and install these certificates.

Configuration

Step A

Connect your DevEdge IoT Developer Kit to a computer via serial app.

  1. Connect your IoT Developer Kit using the USB-A to USB-C cable provided to your computer like in the screenshot below. Ensure that the J-Link USB-C Debug port (port on the right) is plugged into your computer.

  2. Open your serial app on your computer. For demonstration purposes we will use Serial on a Mac.

  3. Select the serial port that is connected to your IoT Developer Kit then click Open.

  4. Under Terminal > Settings > Line Settings > Baud Rate make sure the following values are set then click OK:
    1. Baud Rate / Speed - 9600
    2. Data Rate - 8
    3. Parity - None
    4. Stop Bits - 1
    5. Flow Control - None

  5. At the command line screen press Enter on your keyboard. The uart command prompt appears. To learn more about uart, please read the document Interacting with the Kit at CLI via tmo_shell.

Step B

Download the certificates of authority to the kit.

  1. Create a certificate directory on the kit by using the command fs mdir /tmo/certs/.

  2. Connect to Wi-Fi by entering the command tmo wifi connect 2 "SSID" 0 "PSK".

    >

  3. Download the latest CA cert collection by entering the following commands:

    1. For modem:

      tmo certs dld 1 https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites
    2. For Wi-Fi:

      tmo certs dld 2 https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites

Step C

Find your necessary certificate.

  1. Enter tmo certs list <name of cert>. For demonstration purposes, we will search for DigiCertcertificates.

    The <name of cert> is case sensitive. If you search for "digicert" there will be no results.

  2. If you do not know the name of your certificate, enter tmo certs listand the entire list of certificates will appear.

  3. Remember the <index> number for the certificate. You will need it in the next step.

Step D

Load the needed certificate.

  1. Enter tmo certs load 091 to load the certificate.

Step E

Utliize the certificate.

  1. Once you have the certificate loaded, it will automatically be used in the http and socket commands for Wi-Fi. For modem, in order to use the cert, it must be loaded into the modem using the following command:

    tmo certs modem_load 091


Troubleshooting

  • Problem 1 - How will I know I have the specified certificate installed?
  • Solution 1 - Enter tmo certs info and verify that the certificate you specified is indeed installed.


FAQ

  • Question 1 - How can I determine the root certificate of authority (CA) for a URL?
  • Answer 1 - If you have OpenSSL installed on your computer you can use the followng commands in your command line app, like Terminal for Mac, to determine the root CA:
    • openssl s_client -verify 5 -connect <url>:443 -servername <url> | grep 'depth'