didil

Reputation: 715

What are the dangers of using SSL certificates in embedded systems?

I'm working on an embedded system that performs requests to a REST API with HTTPS. In my understanding, the SSL certificate of the server is verified using a bundle of trusted certificates stored locally. In my case they are in a Debian-based package called ca-certificates. This package is from 2019 so I wonder if I have to worry about this package being obsolete one day. If yes, when?

Upvotes: 1

Views: 518

Answers (1)

Steffen Ullrich

Reputation: 123461

> This package is from 2019 so I wonder if I have to worry about this package being obsolete one day. If yes, when?

The CA certificates in the package have a limited lifetime. For details, look at the expiration times in the specific certificates. Also, new publicly trusted CAs might be added or less trusted ones removed.

In general, it might not be a good idea to simply trust all public CAs in your embedded system in the first place. If there is a fixed endpoint for your device, then the certificates and CA used there should be trusted instead of the whole world. When doing this, the problem also gets smaller, i.e. you only have to worry about the specific CA used and not arbitrary changes to the trusted CA store.

Upvotes: 2
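The two points in the answer above, as an added example that is not part of the original answer: build a TLS client context that trusts only the endpoint's CA instead of the whole ca-certificates bundle, and report how long each trust anchor has until its notAfter date. The function names, the `SAMPLE` entries and the 365-day warning window are assumptions made for the example; the CA file path is supplied by the user.

```python
import ssl
import sys
import time

# Constructed sample, in the format returned by SSLContext.get_ca_certs().
SAMPLE = [
    {"subject": ((("commonName", "Constructed Old Root"),),), "notAfter": "Jun  1 00:00:00 2023 GMT"},
    {"subject": ((("commonName", "Constructed Device Root"),),), "notAfter": "Mar  1 00:00:00 2024 GMT"},
]

def pinned_context(ca_file):
    """Client context whose trust store holds only the CA(s) in ca_file."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking and
    # starts with an empty trust store (the system bundle is not loaded).
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    return ctx

def common_name(cert):
    """Pull commonName out of the nested 'subject' tuple, if present."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return "<no CN>"

def expiry_report(ca_certs, now=None, warn_days=365):
    """Sort trust anchors into expired / expiring / ok by their notAfter."""
    now = time.time() if now is None else now
    report = {"expired": [], "expiring": [], "ok": []}
    for cert in ca_certs:
        seconds_left = ssl.cert_time_to_seconds(cert["notAfter"]) - now
        days_left = int(seconds_left // 86400)
        if days_left < 0:
            bucket = "expired"
        elif days_left < warn_days:
            bucket = "expiring"
        else:
            bucket = "ok"
        report[bucket].append((common_name(cert), days_left))
    return report

if __name__ == "__main__":
    # With a PEM path: audit the pinned CA file. Without: use the sample.
    certs = pinned_context(sys.argv[1]).get_ca_certs() if len(sys.argv) > 1 else SAMPLE
    for bucket, entries in expiry_report(certs).items():
        for name, days_left in entries:
            print(f"{bucket:9} {days_left:6d} days  {name}")
```

Running the report against the pinned CA file as part of every firmware build shows when a replacement CA has to be shipped to devices in the field.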
