Hello Guys,


I see there are code lines to parse the certificate xml configuration file in rdkb/components/opensource/ccsp/CcspTr069Pa/source-embedded/Ssp/ssp_ccsp_cwmp_cfg.c.

CcspTr069PaSsp_LoadCfgFile


        pChildNode = (PANSC_XML_DOM_NODE_OBJECT)
            AnscXmlDomNodeGetChildByName(pRootNode, CCSP_TR069PA_CFG_Name_Certificates);
        if ( pChildNode != NULL) {
            CcspTr069PaSsp_XML_GetOneItemByName(pChildNode, CCSP_TR069PA_CERTIFICATE_CFG_Name_dev, &openssl_client_dev_certificate_file);
            CcspTr069PaSsp_XML_GetOneItemByName(pChildNode, CCSP_TR069PA_CERTIFICATE_CFG_Name_pkey, &openssl_client_private_key_file);
        }

but I did not see any where to use the global variable openssl_client_dev_certificate_file and openssl_client_private_key_file. Could you please help to explain if something I missed?

Does CcspTr069Pa support Server side to verify the device certificate?

Thank you!

  • No labels

3 Comments

  1. Tang Heming

    after some investigation, it's confirmed that the source code of TR069Pa does not support the device cert.

    We need to adapt the code by ourselves.

  2. sipra samantray

    If you have https support then the certificate must be installed at - /etc/cacert.pem

  3. Tang Heming

    Hello sipra samantray 

    /etc/cacert.pem, this is the root CA for the certification for ACS Server side.

    My meaning is the certification for the CPE device.

    After my investigation, the RDKB source code dose not support the certification for the CPE device even if there is an entrance in the xml file.