
Zilog EZ80F91AZA User Manual


UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual


{
    2,                                      // 2 certificates in this chain
    BASE64_DER_ENCODED_DATA,                // All certs & keys are in PEM format
    NULLPTR,                                // Created by SSL layer when the chain is parsed
    {key_data, sizeof(key_data)-1},         // Private Key
    { {cert_data, sizeof(cert_data)-1},     // Subject Certificate
      {cert2_data, sizeof(cert2_data)-1},   // Issuer's Certificate
      {NULLPTR, 0},
      {NULLPTR, 0} }
};

The first member of the CERT_CHAIN structure indicates the number of certificates in the chain (must be between one and four, inclusive).

The second parameter specifies the encoding of all certificates and the subject’s private key. Valid options are BASE64_DER_ENCODED_DATA (or, equivalently, PEM_ENCODED_DATA) or DER_ENCODED_DATA.

The third member of the CERT_CHAIN data structure contains a pointer to a data structure that the SSL protocol uses to parse information in the server’s certificate. This parameter must always be set to NULLPTR when an application initializes a CERT_CHAIN data structure.

The fourth member is a structure that holds a pointer to the first byte of the private key and the length (in bytes) of the private key data.

The last member of the CERT_CHAIN is an array of (pointer, length) tuples, each of which references the first byte of data in an X.509 certificate and the number of bytes of data in that certificate.

Generating Certificates

While developing an SSL-based application, either use one of the sample certificates and private key included in the SSLDemo folder, or create a new certificate and private key. To create a new certificate, it is necessary to obtain a third party tool. Zilog does not recommend or endorse any Certificate Authorities or third party utilities for the purpose of generating certificates and key pairs. However, for informational purposes, this section describes how to generate a certificate chain using OpenSSL (refer to www.openssl.org).

The ZTP Network Security SSL Plug-In does not contain any utilities to generate public/private key pairs or to generate X.509 certificates. Prior to putting a product into production, you should contact a certificate authority to request a signed X.509 certificate (and if

Note:
