Is loading of the certificates a must for HTTPS communication?

No, there are 3 ways you can do the https connection:

 

  1. In the first method, all we do is set the date and time on the module and GainSpan firmware will just validate incoming server certificate expiry date. In this case, when the server sends the server certificate and CA, the GS Node will check the certificate expiry date and see if it falls within  range , if so extract the public key and  goes ahead and with the connection process or gives error indicating certificates expired.

 

  1. In the second method, we load the CA certificate on the GS Node using at+tcertadd command and when the https connection is requested, the server will send its server certificate along with the CA certificate. In this case, along with the server certificate expiry date validation, we authenticate the incoming CA for signature with the one which we have loaded before going ahead with the connection.

  

  1. In the third method server does the client validation also and hence along with loading the CA certificates, we also load the client certificate and client key. In this case the server sends the certificate as well as request for client certificate which it validates (Mutual Authentication).
Powered by Zendesk