views: 55
answers: 2

I have an embedded system that I expect to be in use for the next 15 years or so, and it has an https-based administration console. From what I understand:

  • If I have a self-signed certificate, web browsers will complain.
  • If I have a CA-signed certificate, it will expire fairly soon over the lifetime of the product, and web browsers will complain.

Is there any way to have a long-life certificate so browsers won't complain, or is it necessary to release new firmware every time the certificate expires over the life of the product? Or provide a way for the users to load a new certificate?

+1  A: 

Geotrust issues certs for up to 6 years.

I would probably build in a firmware update mechanism anyway in case your issuer (or someone along the line) is compromised and gets added to the Certificate Revocation List.

Is your device expected to be connected to the internet? Building a re-issue process so that it can get a new, trusted cert every few years via the network shouldn't be too hard.

If your security model would allow you to use a self-signed cert, have you considered why you are encrypting the communication at all? A non-trusted cert (and teaching users to ignore the warning) is as bad (or worse) than no encryption at all in many cases.

As an aside, I really hope you're not planning on rolling out the exact same cert to every device you construct. If so, and you have a download process that makes the cert available to the general public via firmware updates, you're back to square 1 of having communications easily spoofed.

Paul McMillan
+3  A: 

This could be one of the rare cases where a self-signed certificate is the correct approach. How many people will need to administer the box? I would think few, and part of the deployment of the box would be to have the certificate installed into the truststore of the administrator's browser.

GregS
You're right for my specific device that only a couple specialized people will ever admin the box or log in via https to monitor it. We already ship with self-signed certs, but I wasn't sure what others do.
indiv
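An added example, not code from the thread or from any of its participants, showing the approach in GregS's answer together with Paul McMillan's caveat about never shipping one certificate to every unit: each device gets its own freshly generated key and a self-signed certificate whose NotAfter lies beyond the planned 15-year service life, and the administrator's client pins that one certificate as a trust anchor instead of relying on a public CA. The serial numbers, the 192.0.2.x addresses, the deployment date and the 15-year lifetime are constructed values; only Go's standard library is used, so it runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// DeviceIdentity is what one manufactured unit holds: a private key that
// exists only on that unit and a self-signed certificate over its public key.
type DeviceIdentity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// IssueDeviceCert creates a self-signed server certificate for a single unit.
// serial and ip are hypothetical per-unit values; lifetime is the service life
// the certificate must outlast. Every call generates a new key, so two units
// never share one, and a published firmware image contains no usable key.
func IssueDeviceCert(serial string, ip net.IP, notBefore time.Time, lifetime time.Duration) (*DeviceIdentity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	// Random positive serial number, as X.509 expects.
	sn, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: sn,
		Subject:      pkix.Name{CommonName: "admin-console-" + serial},
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{ip}, // SAN entry; clients match against this, not the CN
	}
	// Template and parent are the same object: the certificate signs itself.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &DeviceIdentity{Key: key, Cert: cert}, nil
}

// AdminTrustStore models the administrator's browser truststore after the
// deployment step has imported the certificate(s) of the device(s) they manage.
func AdminTrustStore(pinned ...*x509.Certificate) *x509.CertPool {
	pool := x509.NewCertPool()
	for _, c := range pinned {
		pool.AddCert(c)
	}
	return pool
}

// Verdict classifies what a client with the given truststore does with the
// certificate presented by host at time now: "ok", "expired", "untrusted"
// (not the pinned certificate, e.g. another unit's or an impostor's),
// "wrong-host", or "other".
func Verdict(store *x509.CertPool, presented *x509.Certificate, host string, now time.Time) string {
	_, err := presented.Verify(x509.VerifyOptions{Roots: store, DNSName: host, CurrentTime: now})
	var invalid x509.CertificateInvalidError
	var unknown x509.UnknownAuthorityError
	var hostErr x509.HostnameError
	switch {
	case err == nil:
		return "ok"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	case errors.As(err, &unknown):
		return "untrusted"
	case errors.As(err, &hostErr):
		return "wrong-host"
	default:
		return "other"
	}
}

func main() {
	deploy := time.Date(2010, 6, 1, 0, 0, 0, 0, time.UTC) // constructed
	life := 15 * 365 * 24 * time.Hour
	a, _ := IssueDeviceCert("A0001", net.ParseIP("192.0.2.10"), deploy, life)
	b, _ := IssueDeviceCert("A0002", net.ParseIP("192.0.2.11"), deploy, life)
	store := AdminTrustStore(a.Cert) // admin of unit A imported only A's cert
	fmt.Println("A, year 10:   ", Verdict(store, a.Cert, "192.0.2.10", deploy.AddDate(10, 0, 0)))
	fmt.Println("B vs A store: ", Verdict(store, b.Cert, "192.0.2.11", deploy.AddDate(10, 0, 0)))
	fmt.Println("A, year 16:   ", Verdict(store, a.Cert, "192.0.2.10", deploy.AddDate(16, 0, 0)))
}
```

Verification is run against a fixed CurrentTime so the expiry case is reproducible; a real client uses the wall clock, which on an embedded box with no battery-backed RTC is itself a reason the self-signed certificate's NotBefore should not be set too aggressively. Note also that this pinning model sidesteps the public-CA lifetime problem from the question only because the administrator imports the certificate as a trust anchor; current browsers cap the validity they accept for certificates chaining to a public CA at far less than the 6 years mentioned in the first answer, while a locally imported anchor is not subject to that cap.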