arduino / WiFi101-FirmwareUpdater-Plugin

WiFi101 Firmware Updater Tool for Arduino IDE

Possibility of OTA certificate updates? #29

Closed gjt211 closed 5 years ago

gjt211 commented 5 years ago

I have a concern using certificates for SSL/TLS encryption. I can upload my own self signed certificates as needed and this works fine.

What I want to know, is what happens when the self signed certificate changes on my server? Do I need to upload a new certificate to the WINC1500 module? This could also occur using normal (not self-signed) certificates when they automatically update. How do I tell the WINC1500 module to use the new certificate without uploading it?

I can easily download a certificate to my SAMD21 from my server. But can I then put this in the WINC1500 remotely (i.e. without actually physically connecting to and going through the steps)?

Can I add some code to my arduino program that will let me do this, and if so, where do I start about doing this?

Sorry if my question or explanation is not too clear. Hoping someone can provide some guidance.

facchinm commented 5 years ago

Hi @gjt211 , when we upload a certificate using the website url we only copy the root CA certificate into the WINC module. In this way, every certificate validation/revocation is handled automatically (as long as the root certificate doesn't change).

What you are proposing completely defeats the validation part of the SSL chain of trust (who's telling you that the certificate you are "installing" has not been tampered with?).

Even if I strongly discourage this (and self signed certificates for production) you can start taking a look at https://github.com/arduino-libraries/WiFi101/blob/master/examples/FirmwareUpdater/FirmwareUpdater.ino (handles the physical upload layer) and https://github.com/arduino-libraries/WiFi101-FirmwareUpdater-Plugin/blob/master/src/cc/arduino/plugins/wifi101/certs/WiFi101Certificate.java#L80 (handles the format of certificates accepted by the WINC).

Combining these you will be able to produce a certificate inside the D21 (given it fits in RAM) and flash it directly.
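The point above, that only the root CA is stored on the WINC and that everything below it can rotate freely while a change of root leaves the device without a usable anchor, can be checked offline before a certificate provider is switched. The following is an added example, not code from this plugin, the WiFi101 library or either commenter: it walks a server chain to the issuer that no certificate in the chain satisfies (the trust anchor), hashes that issuer Name, and looks the hash up in a set standing in for the WINC root store. The certificates are constructed in-line as RFC 5280-shaped DER skeletons with placeholder keys and signatures, so no signature or validity checking is done; the assumption that the store is keyed by SHA-1 over the DER-encoded Name is a stand-in for the real format in WiFi101Certificate.java and only the lookup logic matters here.

```python
import hashlib

# ---- minimal DER helpers (enough for an X.509 Name and a certificate skeleton) ----

def der_len(n):
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der(tag, content):
    return bytes([tag]) + der_len(len(content)) + content

def der_name(cn):
    """Name ::= SEQUENCE OF RDN; one RDN holding a single commonName (2.5.4.3) UTF8String."""
    atv = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))

def der_read(buf, pos):
    """Return (tag, content_start, content_end) of the TLV starting at pos."""
    tag = buf[pos]
    ln = buf[pos + 1]
    pos += 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, pos, pos + ln

def der_children(buf, start, end):
    """Yield (tag, tlv_start, tlv_end) for each element inside a constructed TLV."""
    pos = start
    while pos < end:
        tag, _, e = der_read(buf, pos)
        yield tag, pos, e
        pos = e

# ---- constructed certificates (skeletons: placeholder key and signature, no real crypto) ----

SIG_ALG = der(0x30, der(0x06, bytes.fromhex("2A864886F70D01010B")))  # sha256WithRSAEncryption

def make_cert(subject, issuer, serial):
    """Build a Certificate SEQUENCE with the tbsCertificate field order of RFC 5280."""
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                   # [0] EXPLICIT version v3
              + der(0x02, bytes([serial]))                   # serialNumber (kept below 128)
              + SIG_ALG                                      # signature algorithm
              + der_name(issuer)                             # issuer Name
              + der(0x30, der(0x17, b"190101000000Z") + der(0x17, b"290101000000Z"))  # validity
              + der_name(subject)                            # subject Name
              + der(0x30, b""))                              # subjectPublicKeyInfo placeholder
    return der(0x30, tbs + SIG_ALG + der(0x03, b"\x00\x00\x00\x00"))  # signatureValue placeholder

# ---- the check ----

def cert_names(cert):
    """Return (issuer_der, subject_der), sliced straight out of the tbsCertificate."""
    _, tbs_pos, _ = der_read(cert, 0)
    _, tbs_s, tbs_e = der_read(cert, tbs_pos)
    fields = list(der_children(cert, tbs_s, tbs_e))
    if fields[0][0] == 0xA0:  # optional explicit version comes first when present
        fields = fields[1:]
    _, i_s, i_e = fields[2]   # order: serial, signature, issuer, validity, subject, spki
    _, s_s, s_e = fields[4]
    return cert[i_s:i_e], cert[s_s:s_e]

def name_hash(name_der):
    """ASSUMPTION: the root store is keyed by SHA-1 over the DER Name (a stand-in for the
    real WINC store layout; any stable key would do for the lookup shown here)."""
    return hashlib.sha1(name_der).hexdigest()

def trust_anchor_hash(chain):
    """Hash of the issuer the chain ultimately depends on: the first issuer Name that no
    certificate in the chain has as subject, or the self-signed root if the server sends it."""
    subjects = {cert_names(c)[1] for c in chain}
    for c in chain:
        issuer, subject = cert_names(c)
        if issuer == subject or issuer not in subjects:
            return name_hash(issuer)
    raise ValueError("chain loops without reaching an anchor")

def device_still_trusts(chain, stored_root_hashes):
    """True if a device whose store holds stored_root_hashes has the root this chain needs.
    No signature or date verification: the only question is whether the anchor is present,
    which is what decides whether a fielded sensor keeps connecting."""
    return trust_anchor_hash(chain) in stored_root_hashes

# Constructed scenarios: rotation under the same root vs. a new provider with a new root
WINC_STORE = {name_hash(der_name("Old Root CA"))}
CHAIN_TODAY = [make_cert("sensor-api.example", "Old Intermediate CA", 1),
               make_cert("Old Intermediate CA", "Old Root CA", 2)]
CHAIN_ROTATED = [make_cert("sensor-api.example", "Old Intermediate CA G2", 3),
                 make_cert("Old Intermediate CA G2", "Old Root CA", 4)]
CHAIN_NEW_PROVIDER = [make_cert("sensor-api.example", "New Intermediate CA", 5),
                      make_cert("New Intermediate CA", "New Root CA", 6),
                      make_cert("New Root CA", "New Root CA", 7)]  # root sent in the handshake

if __name__ == "__main__":
    for label, chain in [("today", CHAIN_TODAY), ("rotated", CHAIN_ROTATED), ("new provider", CHAIN_NEW_PROVIDER)]:
        print(f"{label:12s} anchor={trust_anchor_hash(chain)[:12]} trusted={device_still_trusts(chain, WINC_STORE)}")
```

Running it shows the two outcomes the thread is about: the rotated leaf and intermediate still anchor at "Old Root CA" and stay trusted with no change to the device, while the chain from the new provider anchors at "New Root CA" and would fail on every sensor whose store was never updated. Against a real server you would feed the DER certificates from the TLS handshake into `cert_names` in place of the constructed ones; the field walk is the same.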

gjt211 commented 5 years ago

Thanks @facchinm I appreciate and understand your comments well. I am currently using self signed certificates only on the specific port that I am testing on. The actual web server uses proper signed certificates. In production I will certainly be using these.

It still worries me that if I change my certificate provider and they use a root that is not currently in the WINC1500 then I am stuck and none of my sensors will work.

I am trying to 'allow' for this so that my sensors essentially are not bricked.

Will look into the specific files you mentioned to see what I can work out. Thanks for your informative answer.