Programming Certificates TCP-SSL/TLS

AT Command Options when Using TCP-SSL/TLS

1. Selecting Active Certificate Set  

Use the ‘PF’ command to select which certificate is active for TCP_TLS.  There are 3 certificate sets that can be selected. This selection sets which  set is active for a TCP-TLS connection and for programming via the ‘PG’ command.

2. Options for Programming a Certificate Set (RootCA, Certificates and Keys) 

a. Use the eS-WiFi Demo tool to add the RootCA, Certificate, and Key to the bin file and then flash the module with the new bin file.

b. Use the eS-WiFi Demo tool and the ‘PG’ command to write the RootCA, Certificate, and Key into the flash on the module.

c. Use the Host microprocessor and the ”PG’ command to write the RootCA, Certificate, and Key into the flash on the module.

Note:  f you want to verify that the certificate set with ‘PG’ command is programmed correctly, write the same RootCA, Certificate, or Key to the same certificate set and the result will be a match or an error.

  * Please note that the certificate sets are OTP (One Time Programmable). Once all sets have been programmed the only way to clear them is to flash a complete  firmware (not just an update firmware).  To create a TCP SSL/TLS eS-WiFi image please download the Inventek eS-WiFi demo application and follow this procedure

3. Verification Options  

a. The ‘P9’ command sets the verification options for a TCP-TLS connection.

0 – No verification, uses the Certificate and Key supplied by the server.

1 – Optional Simple Context), uses the Certificate and Key supplied by the server, if a RootCA is program for the Certificate set it will be used to verify the server certificate.

2 – Required (Advance Context), uses the RootCA, Certificate, and Key in the certificate set to verify the server certificate and for the communication.
Product Note TCP-SSL/TLS Programming Certificates

TLS CA/Certificate/Key Example

PF=0       //Certificate set 0

PG=0,0,<length>,<Root CA data bytes>  //RootCA

PG=0,1,<length>,<Cerificate data bytes> //Certificate

PG=0,2,<length>,<Key data bytes>  //Key

  TLS Client Examples:

Client to TLS Server, with server sending certificate and key to client (ex. Web Email)

P1=3       //TCP SSL/TLS

D0=<server domain or IP address>  //Get IP address of server

P4=<server port>     //Server port*

P9=0       //No Verification P6=1       //Start

Client to TLS Server, with RootCA verification

P1=3       //TCP SSL/TLS

D0=<server domain or IP address>  //Get IP address of server

P4=<server port>     //Server port*

P9=1       //RootCA (if programmed)

P6=1       //Start

Client to TLS Server, with certificate verification

P1=3       //TCP SSL/TLS

D0=<server domain or IP address>  //Get IP address of server

P4=<server port>     //Server port*

P9=2       //Verification P6=1       //Start

*Note:  The port numbers in the range from 0 to 1023 are the well-known ports or system ports. They are used by system processes that provide widely used types of network services.  Port 443 is the official Hypertext Transfer Protocol over TLS/SSL (HTTPS).

2017-09-06T18:48:35+00:00 2018-06-07T00:10:38+00:00