Topic: Best practice for certificate/key management on embedded devices

Hi everyone,

This is a question regarding SSL in general:

We plan to enable HTTPS for our embedded devices web interface.

A1. The device usually operates in a (somehow) closed local network (at least that is what we advise our customers to do).
A2. One customer may also operate multiple of those devices in that network.
A3. The device's "local" domain ("xxxxx.local") and its IP address are configurable and hence not static for one given device.

A3) requires the device's server certificate to be generated with every startup of the device (to take a changed domain and/or IP into account). The device's private key is also generated on startup.

Since we do not want our customers to get an "insecure connection" warning every time they connect to the device, and the certificate will change on every device startup, we have to sign the server's certificate with a trusted Root CA (which would be a self-signed CA created by us).

All devices shall use the same Root CA. Otherwise the customer would have to import the Root CA for every single device (and not just one for ALL devices). That would mean we have to store the "Root CA"'s private key on the device (to be able to sign the server certificate).

And that is what I don't have a good feeling about!

Do you have any idea how to handle that problem?!

One idea would be: we'll have an "Intermediate CA" which will be unique for every device and will be created and signed by our "global" Root CA on production. So, the only private key we have to store on the device would be the unique key for the "Intermediate CA" (which will then be used to sign the actual server certificate).

Would that be sufficient (i.e. asap - as secure as possible) for the given scenario?

I'm sorry if the above description is somehow "muddled".

Thanks and greetings,


Re: Best practice for certificate/key management on embedded devices

Hi tdoering,

Thanks for the excellent question and details.

Yes, having an intermediate CA for each device, which is generated and signed by a root during manufacturing, is a very good solution.

The server certificate for the TLS server should present a cert chain with the server peer certificate first, then the intermediate cert. If the public root CA is loaded on the key store/browser then this will be a valid certificate chain.

We have an example for creating a server certificate at runtime here:

You can find examples for creating a cert request and having it signed here: … st.c#L8900

Let me know if you have any issues or questions.

David Garske, wolfSSL
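As an added illustration of the layout described in the reply above (not code from this thread or from wolfSSL), Go's standard crypto/x509 package builds the three tiers and then verifies the chain the way a browser would; the CA names, serial numbers, validity periods and the sample hostname/IP are assumed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// issue signs tmpl for public key pub with the signer's key; parent == tmpl yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c
}
// BuildChain builds the thread's three tiers: a vendor root (kept offline), one intermediate per device
// (issued at production, pathlen 0 so it can sign only end-entity certs), and a leaf regenerated at boot.
func BuildChain(host string, ip net.IP) (root, inter, leaf *x509.Certificate) {
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	interKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the only CA key stored on the device
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)  // regenerated on every startup
	now := time.Now()
	rootTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Vendor Root CA"},
		NotBefore: now, NotAfter: now.AddDate(20, 0, 0), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	root = issue(rootTmpl, rootTmpl, &rootKey.PublicKey, rootKey)
	inter = issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Device SN-0001 Intermediate CA"},
		NotBefore: now, NotAfter: now.AddDate(10, 0, 0), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign, MaxPathLenZero: true}, root, &interKey.PublicKey, rootKey)
	leaf = issue(&x509.Certificate{SerialNumber: big.NewInt(3), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		IPAddresses: []net.IP{ip}, NotBefore: now, NotAfter: now.AddDate(1, 0, 0), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, inter, &leafKey.PublicKey, interKey)
	return
}
// Verify plays the browser: only root is in the trust store; chain is what the server sent, leaf first, then intermediate.
func Verify(root *x509.Certificate, chain []*x509.Certificate, name string) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range chain[1:] {
		inters.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: name})
	return err
}
```

Passing only the leaf to Verify reproduces the "unknown authority" error a browser shows when the device omits the intermediate from the TLS chain.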


3 (edited by abanana 2018-05-31 08:27:55)

Re: Best practice for certificate/key management on embedded devices

What about when on-device certs expire?  Seems like you need to support a way to "phone home" for cert updates.

Or let the customer generate certs.  Either kick off a new cert generation with the help of the box.  Or let the customer download his own cert (self-signed or otherwise).  Ensuring security of whatever the process is will be a part of this answer, but it's separable from the actual details of cert generation / updates.

Maybe I'm missing something and need a "big picture" summary.