Hi @prabhunath_gupt ,
Indeed the A71CH is offered off-the-shelf pre-provisioned so that OEMs are not required to program any additional credentials to onboard their devices to Watson IoT. if your customer doesn't want to extract the certificates from the secure element, then they have to provision their devices with device-individual credentials. Is this the way they prefer to ? Please kindly clarify.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi Kan,
Thanks for your response.
We have gone through the application note "A71CH for secure connection to IBM Watson IoT" and found there are two types of A71CH as below.
As per section 4 which is related to the "A71CH Customer Programmable" type, NXP provides C client library source code(iot-nxpimxa71ch-c), and it contains some examples and certificates provisioning script. We have gone through one example "samples/gatewaySample.c" and found there is one API available in "src/iotfclient.c" file which fetch the certificates from the secure element and store the same in the file system.
Please find the below queries based on the above understanding.
The key point is to integrate the secure element communications with the IBM cloud and create an end to end TLS communication and avoid to extract the certificate from the secure element. for this, it is necessary to have A71CH SDK integration with the IBM cloud, Please direct us to the SDK which supports IBM cloud integration in a secure way.
Hello @prabhunath_gupt ,
The Plug&Trust MW comes with two OpenSSL Engine implementations, both implementations support OpenSSL 1.1.1:
SSS API based (A71CH SSS OpenSSL Engine)
A71CH Legacy API based (A71CH Legacy OpenSSL Engine) Does this version meet your requirement? Please kindly clarify.
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Dear Nxp Team,
We are waiting for your response to the above query please provide some inputs on this.
Do let us know if any other information required.