Firmware 1.3 - Out of the box alternative CA (default device)

[supercop89]

Dear community,

can someone please tell me which certificate issuer works out of the box with firmware 1.3?

With some we get "unknown certificate authority" every time.

Maybe an expert has the working alternative to lets' encrypt which works from the default device without changes.

BR

[dark_pyrro]

Not sure what your asking for. In what way does this question differ from the one you've already asked about certificates on the Croc? If not Lets Encrypt related, what CA are you referring to?

[supercop89]

On 5/8/2023 at 9:05 AM, dark_pyrro said:

Not sure what your asking for. In what way does this question differ from the one you've already asked about certificates on the Croc? If not Lets Encrypt related, what CA are you referring to?

 Ok i will describe the situation again and maybe you know some little approach to get access to the keycroc. Hopefully it's clear what i mean.

The keycroc is a default product with no updated certificates. The arming mode is enable dbut doesn't accept our password (i'm sure it's correct) and ssh server is disabled.

Therefore it's not possible to start the arming mode BUT we uploaded the device.config for the C2 before and see that the keycroc tries to connect via https port (binary flag -https).

Unfortunately with the https flag (let's encrypt) the logs show "remote error: tls: expired certificate" and the keycroc has no connection to the cloud. No connections means that it's not possible to start a reverse ssh connection (rescue plan to disable arming mode).

So a plan could be to create some certificate (<> lets'encrypt) for the server where the keycroc ca's are default on the device.

We need that connection just once to connect back via SSH.

I hope that my clarification was ok to comprehend the issues.

 

[dark_pyrro]

I can't see how that would be possible if you can't access the Croc and prepare it for that type of connection. Just having a CA cert on the Croc won't do the job.