I have got a thing to get through about SE050 certificates revocation.
I have known the two intermediate CA was revoked due to receiving NXP's notification. According to the SE050 configurations (AN12436), the certificates named "Cloud Onboarding ECC, SE050C1/SE050C2" have been revoked. I have checked the leaf certificates which were extracted from SE050C1 and downloaded from NXP. These certs don't include the fields such as CPD, OCSP to manipulate certificate revocation. Actually, I tried making my device connect to AWS iot core with the leaf certificate, then it worked to connect to AWS iot core. At first I expected a behavior in which my device with the certificate will be rejected by AWS.
Questions:
1. Currently are you supporting CDP/OCSP server?
2. If not supported, I'd like to know how I can handle this intermediate CA revocation. Especially about connection authentication for cloud service.
Kei Odagiri
Atmark Techno,Inc.
Solved! Go to Solution.
Hi @kei_odagiri ,
No, we are not supporting CDP/OCSP server, but for your case, you may use other trusted certs inside the SE05x for AWS application, just as mentioned in https://www.nxp.com/docs/en/application-note/AN12404.pdf , the untrusted certs might still be ok with AWS but not recommended at all.
Hope that makes sense,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------
Hi @kei_odagiri ,
No, we are not supporting CDP/OCSP server, but for your case, you may use other trusted certs inside the SE05x for AWS application, just as mentioned in https://www.nxp.com/docs/en/application-note/AN12404.pdf , the untrusted certs might still be ok with AWS but not recommended at all.
Hope that makes sense,
Have a great day,
Kan
-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!
- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------