Adding Certificates of Authority
Introduction
This document shows how to add certificates of authority (CA) to your DevEdge IoT Developer Kit.
Prerequisites
- The DevEdge IoT Developer Kit.
- A serial app like PuTTY, Serial, Tera Term, or picocom.
- A USB-A to USB-C cable.
- tmo_shell version tmz-1.15.0-qa or greater installed on the kit.
Why would I want to implement the instructions in this document?
To send the JSON payload created by the kit to a destination of your choosing, you will need a certificate of authority (CA) installed on the kit. This document shows you how to download and install these certificates.
Configuration
Step A
Connect your DevEdge IoT Developer Kit to a computer via serial app.
- Connect your IoT Developer Kit to your computer using the USB-A to USB-C cable provided, as in the screenshot below. Ensure that the J-Link USB-C Debug port (port on the right) is plugged into your computer.
- Open your serial app on your computer. For demonstration purposes we will use Serial on a Mac.
- Select the serial port that is connected to your IoT Developer Kit, then click Open.
- Under Terminal > Settings > Line Settings > Baud Rate make sure the following values are set, then click OK:
  - Baud Rate / Speed - 9600
  - Data Rate - 8
  - Parity - None
  - Stop Bits - 1
  - Flow Control - None
- At the command line screen press Enter on your keyboard. The uart command prompt appears. To learn more about uart, please read the document Interacting with the Kit at CLI via tmo_shell.
Step B
Download the certificates of authority to the kit.
- Create a certificate directory on the kit by using the command:
  fs mdir /tmo/certs/
- Connect to Wi-Fi by entering the command:
  tmo wifi connect 2 "SSID" 0 "PSK"
- Download the latest CA cert collection by entering the following commands:
  For modem:
  tmo certs dld 1 https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites
  For Wi-Fi:
  tmo certs dld 2 https://ccadb.my.salesforce-sites.com/mozilla/IncludedRootsPEMTxt?TrustBitsInclude=Websites
Step C
Find your necessary certificate.
- Enter
  tmo certs list <name of cert>
  For demonstration purposes, we will search for DigiCert certificates. The <name of cert> is case sensitive. If you search for "digicert" there will be no results.
- If you do not know the name of your certificate, enter
  tmo certs list
  and the entire list of certificates will appear.
- Remember the <index> number for the certificate. You will need it in the next step.
Step D
Load the needed certificate.
- Enter
  tmo certs load 091
  to load the certificate.
Step E
Utilize the certificate.
- Once you have the certificate loaded, it will automatically be used in the http and socket commands for Wi-Fi. For modem, in order to use the cert, it must be loaded into the modem using the following command:
  tmo certs modem_load 091
Troubleshooting
- Problem 1 - How will I know I have the specified certificate installed?
- Solution 1 - Enter
  tmo certs info
  and verify that the certificate you specified is indeed installed.
FAQ
- Question 1 - How can I determine the root certificate of authority (CA) for a URL?
- Answer 1 - If you have OpenSSL installed on your computer you can use the following command in your command line app, like Terminal for Mac, to determine the root CA. Here <url> is the server's host name, without https:// or a path. The root CA is the certificate on the line with the highest depth number.
  openssl s_client -verify 5 -connect <url>:443 -servername <url> </dev/null 2>&1 | grep 'depth'
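The FAQ command prints one depth=N line per certificate in the chain. The shell function below is an added example, not part of the DevEdge documentation or tmo_shell: it picks the root CA name out of that output. The function name root_ca_name and the sample chains are constructed for illustration.

```shell
#!/bin/sh
# Added example, not DevEdge code. Reads `openssl s_client` verification
# output on stdin and prints the name of the root CA (greatest depth=N line).
root_ca_name() {
    awk '
        /^depth=[0-9]+ / {
            d = $1; sub(/^depth=/, "", d); d += 0
            if (d >= max) { max = d; line = $0 }   # keep the deepest entry
        }
        END {
            if (line == "") exit 1                 # no chain in the input
            # Spacing around "=" differs between OpenSSL builds: accept both.
            # A CN that itself contains a comma is cut at that comma.
            if (match(line, /CN ?= ?[^,]*/)) {
                cn = substr(line, RSTART, RLENGTH)
                sub(/^CN ?= ?/, "", cn)
                print cn
            } else {
                # Some roots carry no CN: fall back to the whole subject.
                sub(/^depth=[0-9]+ /, "", line)
                print line
            }
        }'
}

# Constructed sample output (not captured from a real server), spaced form.
sample_spaced() {
    cat <<'EOF'
verify depth is 5
depth=2 C = US, O = Example Trust, CN = Example Root CA G1
verify return:1
depth=1 C = US, O = Example Trust, CN = Example TLS Issuing CA
verify return:1
depth=0 CN = iot.example.com
verify return:1
EOF
}

# Constructed sample, compact form, leaf certificate listed first.
sample_compact() {
    printf '%s\n' 'depth=0 CN=iot.example.com' \
        'depth=1 C=US, O=Example Trust, CN=Example TLS Issuing CA' \
        'depth=2 C=US, O=Example Trust, CN=Example Root CA G1'
}

printf 'root CA (spaced sample):  %s\n' "$(sample_spaced | root_ca_name)"
printf 'root CA (compact sample): %s\n' "$(sample_compact | root_ca_name)"
```

With a live host, append `| root_ca_name` to the FAQ command. Keep the capitalization of the printed name when you search with tmo certs list, because that search is case sensitive.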