帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Support of CDP/OCSP for SE050 certificates revocation

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

Support of CDP/OCSP for SE050 certificates revocation

跳至解决方案
‎02-12-2023 05:43 PM
1,583 次查看
kei_odagiri
Contributor III

I have got a thing to get through about SE050 certificates revocation.

I have known the two intermediate CA was revoked due to receiving NXP's notification. According to the SE050 configurations (AN12436), the certificates named "Cloud Onboarding ECC, SE050C1/SE050C2" have been revoked. I have checked the leaf certificates which were extracted from SE050C1 and downloaded from NXP. These certs don't include the fields such as CPD, OCSP to manipulate certificate revocation. Actually, I tried making my device connect to AWS iot core with the leaf certificate, then it worked to connect to AWS iot core. At first I expected a behavior in which my device with the certificate will be rejected by AWS.

Questions:

1. Currently are you supporting CDP/OCSP server?

2. If not supported, I'd like to know how I can handle this intermediate CA revocation. Especially about connection authentication for cloud service.

Kei Odagiri

Atmark Techno,Inc.

0 项奖励
回复
1 解答

跳至解决方案
‎02-13-2023 01:18 AM
1,556 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @kei_odagiri ,

 

No, we are not supporting CDP/OCSP server, but for your case, you may use other trusted certs inside the SE05x for AWS application, just as mentioned in https://www.nxp.com/docs/en/application-note/AN12404.pdf , the untrusted certs might still be ok with AWS but not recommended at all.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

在原帖中查看解决方案

0 项奖励
回复
2 回复数

跳至解决方案
‎02-13-2023 01:18 AM
1,557 次查看
Kan_Li
NXP TechSupport
NXP TechSupport

Hi @kei_odagiri ,

 

No, we are not supporting CDP/OCSP server, but for your case, you may use other trusted certs inside the SE05x for AWS application, just as mentioned in https://www.nxp.com/docs/en/application-note/AN12404.pdf , the untrusted certs might still be ok with AWS but not recommended at all.

 

Hope that makes sense,

 

Have a great day,
Kan


-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

0 项奖励
回复

跳至解决方案
‎02-13-2023 04:45 PM
1,546 次查看
kei_odagiri
Contributor III
Thank you.
0 项奖励
回复