Cumulocity IoT Feedback Portal
Add new feedback Subscribe
Status Added/Resolved 🎉
Workspace Cumulocity IoT Platform Services
Categories Authentication & Authorisation
Created by Guest
Created on Jul 26, 2022

RELATED FEEDBACK

API-function for checking the accepted length of the chain of X509-certificates

Excerpt from https://cumulocity.com/guides/10.11.0/device-sdk/mqtt/#device-certificates :

“If these device certificates are signed by the customer certificate, then the platform should trust them too. In this case, every device should send not only its own certificate, but the whole chain of certificates (so-called chain of trust) during the SSL handshake.”

...

“Creating an intermediate certificate

… Keep in mind that in the Cumulocity IoT cloud the maximum length of the chain of certificates is currently restricted to 2 for security reasons, so you cannot use any intermediate certificate between your CA certificate and the device certificate there. …”

  • Attach files
  • Admin
    Jane Porter
    Reply
    |     Mar 9, 2023

    Hi Carsten,

    Thank you for submitting this Idea and my apologies it was not responded to in a reasonable timeframe.

    The good news is that in 10.16 we have delivered a feature called proof of possession and have increased the acceptable chain length to 10 in line with the recommended standard in SSL.

    Please let me know if this now meets your needs

    Regards, Jane.