Skip to Main Content
Cumulocity IoT Feedback Portal
Status Added/Resolved 🎉
Created by Guest
Created on Jul 26, 2022

API-function for checking the accepted length of the chain of X509-certificates

Excerpt from :

“If these device certificates are signed by the customer certificate, then the platform should trust them too. In this case, every device should send not only its own certificate, but the whole chain of certificates (so-called chain of trust) during the SSL handshake.”


“Creating an intermediate certificate

… Keep in mind that in the Cumulocity IoT cloud the maximum length of the chain of certificates is currently restricted to 2 for security reasons, so you cannot use any intermediate certificate between your CA certificate and the device certificate there. …”

  • Attach files
  • Admin
    Jane Porter
    Mar 9, 2023

    Hi Carsten,

    Thank you for submitting this Idea and my apologies it was not responded to in a reasonable timeframe.

    The good news is that in 10.16 we have delivered a feature called proof of possession and have increased the acceptable chain length to 10 in line with the recommended standard in SSL.

    Please let me know if this now meets your needs

    Regards, Jane.