c4forums | The Control4 Community

Spades

  1. Hey, thanks for the great response! My motivation for having each device create its own root certificate is to mitigate the risk of a compromised device allowing an attacker to access a root cert or signing cert that would allow them to manufacture certificates that would be trusted. This might ultimately be an unwarranted fear. I agree that the CN checking is pointless in this environment, but I am not sure if Control4's built-in TLS can support verifying the certificate while ignoring any sort of hostname verification. With certificate pinning and using Control4's TLS implementation, the connection would still follow whatever verification is done on the certificate. I guess all Peer Verification could be skipped, and the pinned certificate could be checked. Do you know of an API that exposes the Server's Certificate to the application to compare against a pinned certificate?
  2. No, I don't. This question is more about how this is handled in a generic system, as this is for a device driver that others will use.
  3. Hey, I'm curious about the best way to handle installation of certificates, as well as what level of verification occurs. 1) Each IoT device will create its own root certificate that will need to be installed into the driver. Is it possible to put the root certificate into the driver at setup-time? 2) Does the Control4 hub verify the hostname / IP of the connection with the hostname defined in the certificate? If so, is it possible to disable this part of the check, as it is possible for the device's IP to change over the lifetime of the device and generating a new certificate can be problematic. If it's not possible to disable hostname verification, does the Control4 hub fall back onto Common Name checks if there are no Subject Alternative Names defined?