Topic: Best practice for certificate/key management on embedded devices
This is a question regarding SSL in general:
We plan to enable HTTPS for our embedded devices' web interface.
A1. The device usually operates in a (somehow) closed local network (at least that is what we advise our customers to do).
A2. One customer may also operate multiple of those devices in that network.
A3. The device's "local" domain ("xxxxx.local") and its IP address are configurable and hence not static for one given device.
A3 requires the device's server certificate to be generated on every startup of the device (to take a changed domain and/or IP into account). The device's private key is also generated on startup.
Since we do not want our customers to get an "insecure connection" warning every time they connect to the device, and the certificate will change on every device startup, we have to sign the server's certificate with a trusted Root CA (which would be a self-signed CA created by us).
All devices shall use the same Root CA. Otherwise the customer would have to import the Root CA for every single device (and not just one for ALL devices). That would mean we have to store the Root CA's private key on the device (to be able to sign the server certificate).
And that is what I don't have a good feeling about!
Do you have any idea how to handle that problem?!
One idea would be: we'll have an "Intermediate CA" which will be unique for every device and will be created and signed by our "global" Root CA on production. So, the only private key we have to store on the device would be the unique key for the "Intermediate CA" (which will then be used to sign the actual server certificate).
Would that be sufficient (i.e. asap - as secure as possible) for the given scenario?
I'm sorry if the above description is somehow "muddled".
Thanks and greetings,
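
The hierarchy proposed in the question (global Root CA, one Intermediate CA per device, server certificate re-issued at each startup), as an added example using the `openssl` CLI; it is not part of the original post. The function names, subject names, file names, validity periods and the `pathlen:0` constraint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed names, throwaway keys, everything under directory $1.
newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }
csr()    { openssl req -new -config "$1/ca.cnf" -key "$2" -subj "$3" -out "$2.csr"; }

# Production: the root CA signs one intermediate CA per device.
# root.key stays at the factory; the device only receives device_ca.key/.crt.
factory_provision() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = req
[root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[device_ca]
# pathlen:0 (an added assumption): this CA may sign leaf certificates only
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign
EOF
    newkey "$d/root.key"; csr "$d" "$d/root.key" "/CN=Example Vendor Root CA"
    openssl x509 -req -in "$d/root.key.csr" -signkey "$d/root.key" -days 3650 \
        -extfile "$d/ca.cnf" -extensions root -out "$d/root.crt"
    newkey "$d/device_ca.key"; csr "$d" "$d/device_ca.key" "/CN=Example Device CA SN-0001"
    openssl x509 -req -in "$d/device_ca.key.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 3650 -extfile "$d/ca.cnf" -extensions device_ca \
        -out "$d/device_ca.crt"
}

# Device startup: fresh server key and certificate for the configured name and IP.
device_startup() {
    d=$1; host=$2; ip=$3
    printf '[server]\nbasicConstraints=critical,CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$d/server.cnf"
    printf 'subjectAltName=DNS:%s,IP:%s\n' "$host" "$ip" >> "$d/server.cnf"
    newkey "$d/server.key"; csr "$d" "$d/server.key" "/CN=$host"
    openssl x509 -req -in "$d/server.key.csr" -CA "$d/device_ca.crt" -CAkey "$d/device_ca.key" \
        -CAcreateserial -days 30 -extfile "$d/server.cnf" -extensions server \
        -out "$d/server.crt"
}

# Client side: trusts only root.crt; the device presents server.crt and device_ca.crt.
client_check() {
    openssl verify -CAfile "$1/root.crt" -untrusted "$1/device_ca.crt" \
        -verify_hostname "$2" "$1/server.crt" >/dev/null 2>&1
}
```

Calling `device_startup` again with a new name and address replaces the server certificate without touching the Root CA, and `client_check` keeps succeeding for the new name with only `root.crt` imported.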