Question
There is an embedded device which acts as a client. It communicates with a server via the POST method whenever it has any data to be transmitted to the server.
Embedded device:
1. Acts as a client
2. Does not have any browser capability
3. Cannot be accessed by the user directly
The data is available on the server if the user were to monitor it.
We might be having a scenario as explained below:
1. There is a main server which in turn has child servers.
2. For each child server, the embedded devices will be connected.
3. The embedded devices connected to the child servers can be moved to another child server or the main server by sending a command from the current server (change in the end points).
4. So during the SSL handshake process, there will be a certificate from the server coming to the device.
So the query is:
Which and whose root CA certificate should be stored in the embedded device (main or child servers)?
Explanation / Answer
For the scenario you described you should have the root certificate of the main server sign the child server certificates. The embedded devices would then store the main server's root certificate.
In this way any child server could connect to an embedded device, and the embedded device would trust it because the certificate chain is trusted.
I would then create an SSL certificate for the main server signed by its root certificate. This certificate would be used for when embedded devices are connected to the main server rather than a child server.