2 Replies Latest reply on Aug 1, 2016 10:39 PM by vikass_01

    Does WICED SDK support SSL/TLS mutual authentication?

    AxLi_1746341

      If yes, is there any example code available for mutual authentication?

      If no, do you have a plan to support it?

      Thanks.

        • 1. Re: Does WICED SDK support SSL/TLS mutual authentication?
          cogoc_1937206

          I have the same question, specifically when the WICED device is acting as the server.

          In the snip/https_server example code, I see that an 'identity' is passed to the wiced_https_server_start() call which contains the device certificate programmed into the DCT.  It seems to lack, however, a means of specifying the client credentials (i.e. the client's root CA) when mutual authentication is desired.

          • 2. Re: Does WICED SDK support SSL/TLS mutual authentication?

            Hi axel.lin,

            Yes. We support mutual authentication for both client and server. You can refer to snip/https_server in the latest 3.7.0 SDK.

            There are two APIs needed to enable mutual authentication.

             

            wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );

            -> This API will load the server certificate and server key, which are already stored in the DCT.

            wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );

            -> You also need to load the root certificate, which will be used to verify the client certificate.

            Thanks,

            Vikas
