Q: SSL certificate and private key file format (PEM vs. DER)?

ubiq_01 · Jan 18, 2017, 4:15 PM

Hello Daniel, dear all

does the SSL implementation support client authentication as well (using the code below that works on standard Python)

c=ssl.wrap_socket(s,
keyfile="client.key.pem",
certfile="client.crt.pem",
ca_certs="ca.crt.pem",
cert_reqs=ssl.CERT_REQUIRED)

and what is the format for the certificates and private key? Can .pem be used or does it have to be .der? Or are both supported?

best regards
Ralf

ubiq_01 · Jan 19, 2017, 1:45 PM

Hello Daniel,

many thanks! I successfully tested the stuff for a https POST with certificate based client authentication on an older (0.9.7.b1) firmware.
https://twitter.com/_rac01/status/822072047937404931

best regards
Ralf

daniel · Jan 18, 2017, 5:58 PM

Hello Ralph,

We use mbed TLS and both formats (PEM and DER) are supported. You can use the standard Python API as you suggest. However, due to lack of memory, certificate validation doesn't work since we enabled Bluetooth and we are still working on a solution.

Cheers,
Daniel

Explore Pybytes | Official Documentation | Report a Firmware Bug/Issue | GitHub

Q: SSL certificate and private key file format (PEM vs. DER)?

Pycom on Twitter