Access HTTPS URL Without Root Certificate

I am trying to access an HTTPS URL which my company controls with a SCM20260E. According to my coworker, Apache doesn’t care about the certificate that my device is sending it; however, if I do not use the matching certificate, then the webRequest.GetResponse() function fails at the internal library function “AuthenticateAsClient()”. I tried simply not providing an X509Certificate so that webRequest.HttpsAuthentCerts would be null, but that also fails at “AuthenticateAsClient()”. Is there any way to connect to an HTTPS URL without providing a root certificate?

It might be possible but what is the benefit?

Gus,

We have devices that sit out in the field at customer sites for years. In order to download updates over the air, these devices need access to our servers. Our servers currently have a redirect from HTTP to HTTPS for security reasons, so HTTP will not work. Using a certificate following the methods outlined in the TLS Client tutorial, HTTPS will work when we install the latest firmware, but our certificates are only valid for a year, so if we wanted our units to be able to be updated over the air, we would have to update the certificate within the project properties to be valid again. This would require an annual update of tens of thousands of devices, which we would rather avoid, both for version number and logistical reasons. The solution that we came up with was to see if TinyCLR could simply accept any certificate given to it and then it could receive update data over the HTTPS connection. We understand that security would be a concern here, but this is the path forward that my superiors have decided on. Please let me know if such a thing is possible so that I can either make the necessary changes in order to enable this behavior, or report back to my manager that it is not possible.

Makes sense. We will look to see if this is possible next week.

Gus,

I appreciate it, thank you very much!

I think it is possible to add an “ignore certificate validation” option, but the security level will not be as high as it should be.

However, this would require changes in the next firmware release. There is no such option in the current release.

I am aware that the security level will be lowered; however, it would be enormously helpful to me if you could add an option for it in the next firmware release!