Page History
| Table of Contents |
|---|
Overview
This document provides comprehensive guidance for integrating rdk-cert-config with the xconf-client and xconf-server ecosystem. The rdk-cert-config library provides intelligent certificate management and selection capabilities for RDK devices, enabling:
- Automatic Certificate Fallback: When a certificate fails, the system automatically tries the next available certificate
- State Tracking: Failed certificates are remembered and won't be retried until updated
- Multi-Certificate Support: Supports PEM, P12, and PKCS#11 certificate formats
- Hardware Security Module Support: Can integrate with Secure Elements (SE) and Trusted Execution Environments (TEE)
- OpenSSL Provider Integration: Supports hardware-optimized certificate operations
Repo - https://github.com/rdkcentral/rdk-cert-config
What is RDK-CERT-CONFIG
Architecture
rdk-cert-config repo provides two main libraries:
1. CertSelector (Recommended)
Purpose: Intelligent certificate selection with automatic failover
Key Features:
- Returns the best available certificate for a given connection type
- Tracks certificate validity state
- Automatically skips failed certificates until they're updated
- Returns both certificate URI and password/credential
- Supports OpenSSL engine selection for hardware acceleration
API Methods:
| Code Block |
|---|
rdkcertselector_h rdkcertselector_new(const char *config_path,
const char *hrotprop_path,
const char *cert_group)
rdkcertselectorStatus_t rdkcertselector_getCert(rdkcertselector_h handle,
char **cert_uri,
char **cert_pass)
rdkcertselectorRetry_t rdkcertselector_setCurlStatus(rdkcertselector_h handle,
unsigned int curl_status,
const char *endpoint)
void rdkcertselector_free(rdkcertselector_h *handle) |
2. CertLocator (Alternative)
Overview
Community Forums
Content Tools
Tasks