Technical information
Nonvolatile Parameter Database
2-190 AT+i Commands Reference Manual May 31, 2008
+iCERT - Define SSL3/TLS1 Certificate
+iPKEY - Define W24's Private Key
Syntax: AT+iCERT=ct
Set W24's SSL3/TLS1 certificate.
Some SSL3/TLS1 servers require the client side to authenticate its
identity by requesting the client to provide a certificate during the
SSL socket negotiation phase. This is called "client side
authentication". If the CERT parameter contains a certificate, W24
provides it to the server upon request. W24 also needs a private key
(see PKEY parameter) in order to encrypt its certificate before
sending it to the server. In addition, the certificate should be signed
by a certificate authority accepted by the server for the client side
authentication to succeed.
Parameters: ct = PEM format DER-encoded X509 Certificate.
Command Options:
ct =<CR><CR> Empty: No trusted certificate authority.
ct =<cert> cert is used as W24's certificate during client side authentication.
The certificate must be signed by a certificate authority acceptable
by the server.
W24 expects cert to be multiple lines separated by <CR>,
beginning with:
-----BEGIN CERTIFICATE-----
and terminating with:
-----END CERTIFICATE-----
Default: Empty. No trusted Certificate Authority defined.
Result Code:
I/OK If ct is an empty or legal certificate.
I/ERROR Otherwise.
AT+iCERT? Displays current certificate contents. If the trusted certificate is
empty, only <CRLF> is returned. The reply is followed by I/OK.
AT+iCERT=? Returns the message "String". The reply is followed by I/OK.
Syntax: AT+iPKEY=pky
Set W24's private key.
The private key is required to perform an RSA encryption of its
certificate (see CERT parameter) when performing client side
authentication. Special care should be taken to protect private key
contents from unauthorized parties. For this reason, once the
private key is stored on W24, it cannot be read - only erased or
overwritten.