2 Replies Latest reply on Aug 1, 2016 10:39 PM by vikass_01

    Does WICED SDK support SSL/TLS mutual authentication?


      If yes, is there any example code available for mutual authentication?

      If no, do you have a plan to support it?



        • 1. Re: Does WICED SDK support SSL/TLS mutual authentication?

          I have the same question.  Specifically when the WICED device is acting as the server.


          In the snip/https_server example code, I see that an 'identity' is passed to the wiced_https_server_start() call which contains the device certificate programmed into the DCT.  It seems to lack, however, a means of specifying the client credentials (i.e. the client's root CA) when mutual authentication is desired.

          • 2. Re: Does WICED SDK support SSL/TLS mutual authentication?

            Hi axel.lin,


            Yes. We have support for mutual authentication for both client and server. You can refer to snip/https_server in the latest SDK, 3.7.0.

            There are two APIs needed to enable mutual authentication.


            wiced_tls_init_identity( &tls_identity, dct_security->private_key, strlen( dct_security->private_key ), (uint8_t*) dct_security->certificate, strlen( dct_security->certificate ) );

            -> This API will load the server certificate and server key, which are already stored in the DCT.


            wiced_tls_init_root_ca_certificates( httpbin_root_ca_certificate, strlen(httpbin_root_ca_certificate) );

            -> You also need to load the root certificate, which will be used to verify the client certificate.




            2 of 2 people found this helpful