NetBurner 3.3.9
Onboard Certificate Generation

Modules

 Certificate Generation Alternate Name Types
 
 Certificate Generation Key Types
 
 Function Return Codes
 

Classes

struct  AltNameEntry
 The AltNameEntry struct holds all of the information required to add a single alternate name entry to a certificate that's generated onboard the module.
 
struct  CertGenData
 Used to store the information that is passed in when enabling onboard generated certificates, as well as the information needed to determine when they need to be regenerated.
 

Functions

CertGenReturnCode SSL_CreateNewSelfSignedCert (const char *common_name=nullptr, int yearsValid=1, AltNameEntry altNames[]=nullptr, int altNameCnt=0)
 Generates a new self-signed certificate that will be stored on the device.
 
void EnableOnboardCertificateCreation (char *common_name=nullptr, int yearsValid=1, AltNameEntry altNames[]=nullptr, int altNameCnt=0, CertGenReturnCode(*createCertFunc)(const char *, int, AltNameEntry[], int)=SSL_CreateNewSelfSignedCert)
 Enables the ability for the module to automatically generate self-signed certificates for use in SSL/TLS connections when acting as the server.
 

Detailed Description

Function Documentation

◆ EnableOnboardCertificateCreation()

void EnableOnboardCertificateCreation ( char *  common_name = nullptr,
int  yearsValid = 1,
AltNameEntry  altNames[] = nullptr,
int  altNameCnt = 0,
CertGenReturnCode(*)(const char *, int, AltNameEntry[], int)  createCertFunc = SSL_CreateNewSelfSignedCert 
)

Enables the ability for the module to automatically generate self-signed certificates for use in SSL/TLS connections when acting as the server.

If a certificate is manually loaded on the module prior to the SSL server being initialized, that certificate will be used and nothing will be generated. If a certificate had been previously generated and a new certificate is manually loaded on the device, the newly loaded certificate will be used in place of the automatically generated one, though the automatically generated one will still be available on the module.

Parameters
common_name: The common_name used for the certificate. If nullptr is passed in, it defaults to the device name. If the device name is empty, it defaults to the IP address.
yearsValid: How long the certificate will be valid for. The default is 1 year.
altNames: The formatted alternate names. Please see the example on proper usage.
altNameCnt: How many alternate names are being passed in.
createCertFunc: Optional parameter to specify a custom create certificate function.

◆ SSL_CreateNewSelfSignedCert()

CertGenReturnCode SSL_CreateNewSelfSignedCert ( const char *  common_name = nullptr,
int  yearsValid = 1,
AltNameEntry  altNames[] = nullptr,
int  altNameCnt = 0 
)

Generates a new self-signed certificate that will be stored on the device.

The common name and alternative names used are taken from the parameters passed in.

By default, the certificate is generated using ECC with SECP384R1. This can be changed to an RSA key by undefining ENABLE_ECCKEY_CREATE in <nndk_install>\libraries\crypto\platform\<module name>\user_settings.h, and then rebuilding your application. To specify what curve or RSA key length is used in certificate generation, define DEFAULT_KEY_TYPE as one of the values defined by SslKeyType_t.

Parameters
common_name: A pointer to the buffer containing the common name to be used in the certificate.
yearsValid: How long the certificate will be valid for. The default is 1 year.
altNames: An array of alternate name entries to add.
altNameCnt: The number of alternate name entries being added by altNames.
Returns
CertGenReturnCode
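
The following is an added example, not NetBurner code: a workstation-side check that a certificate matches the defaults documented above (self-signed, ECC on secp384r1, 1 year validity) and carries alternate names. It assumes the OpenSSL 1.1.1 or later command-line tool; the function names, file names and device.example host are constructed for the example.

```sh
#!/bin/sh
# Added example (not NetBurner code): audit a PEM certificate against the
# defaults documented above: self-signed, ECC on secp384r1, valid for 1 year.
# To save a device's certificate first (host is a placeholder):
#   openssl s_client -connect <device-host>:443 </dev/null | openssl x509 -out device.pem

# audit_cert FILE [MAX_DAYS]: prints one finding per line, nothing if all checks pass.
audit_cert() (
    pem=$1
    max_days=${2:-366}
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "unreadable certificate"; return 0; }
    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] || echo "not self-signed: issuer differs from subject"
    printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' ||
        echo "key is not ECC secp384r1"
    printf '%s\n' "$text" | grep -q 'Subject Alternative Name' ||
        echo "no subjectAltName extension"
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout -checkend $((max_days * 86400)) >/dev/null; then
        echo "expires more than $max_days days from now"
    fi
)

# make_sample OUT ec|rsa DAYS: builds a constructed test certificate locally.
make_sample() (
    key=$(mktemp)
    if [ "$2" = ec ]; then
        openssl ecparam -name secp384r1 -genkey -noout -out "$key" 2>/dev/null
    else
        openssl genrsa -out "$key" 2048 2>/dev/null
    fi
    openssl req -new -x509 -key "$key" -days "$3" \
        -subj "/CN=device.example" \
        -addext "subjectAltName=DNS:device.example" -out "$1" 2>/dev/null
    rm -f "$key"
)

# Run as: sh audit.sh device.pem
[ "$#" -eq 0 ] || audit_cert "$@"
```

A certificate built with an RSA key, or with a yearsValid greater than 1, shows up as a finding, which makes unintended changes to user_settings.h or to the call parameters visible from the client side.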