
Every security level that should be usable with the PKI must be provided with a root certificate. The certificate chain provided in the Pki.PfsAuthHostCert command will be verified against this root certificate.

The root certificates must comply with the following limitations:

A sample certificate matching all these limitations is the following:

30 82 01 9D 30 82 01 43 A0 03 02 01 02 02 01 01 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 41 31 19 30 17 06 03 55 04 03 0C 10 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 31 11 30 0F 06 03 55 04 0A 0C 08 45 71 75 69 74 72 61 63 31 11 30 0F 06 03 55 04 07 0C 08 57 61 74 65 72 6C 6F 6F 30 1E 17 0D 30 30 30 31 30 31 30 30 30 30 30 30 5A 17 0D 33 38 30 31 31 39 30 32 31 34 30 37 5A 30 41 31 19 30 17 06 03 55 04 03 0C 10 52 6F 6F 74 20 43 65 72 74 69 66 69 63 61 74 65 31 11 30 0F 06 03 55 04 0A 0C 08 45 71 75 69 74 72 61 63 31 11 30 0F 06 03 55 04 07 0C 08 57 61 74 65 72 6C 6F 6F 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 B0 13 B7 1F A6 61 47 8E 8D 2F FC C0 36 17 C0 51 5D 2A 39 C5 67 15 1A E3 85 2A 3B 9C 2E 93 FA 41 0A B5 F3 66 62 6A F8 04 D7 0E D1 DB 7A 2D 36 26 0A A5 77 D2 9C D4 65 24 70 DF 9A 74 40 C2 A7 B1 A3 2C 30 2A 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 17 06 09 2B 06 01 04 01 82 DE 55 01 01 01 FF 04 07 03 05 00 08 00 10 80 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 48 00 30 45 02 21 00 BB 42 BB 32 8C D5 68 39 E9 40 28 10 5F 63 E1 52 9A 63 06 BF B2 69 03 0A F8 9D A5 56 95 CF 0F B2 02 20 35 D6 FF 5C 9A 42 D9 85 5E F3 16 DA 7A 53 19 F7 74 81 A4 54 B3 D4 C9 74 26 78 D2 1D 11 52 2D 2A

This sample certificate can be decoded using the following online tool:

Furthermore, the access condition mask of the security level running the Pki.StoreX509RootCert command must allow setting the corresponding key: the SEC_SETKEY1, SEC_SETKEY2 or SEC_SETKEY3 bit of the access condition mask must be set.

This command needs a long timeout, since the ECC operations may take up to 15 seconds.


Parameters (request frame)

Name            Type/Size          Description
SecLevel        Integer (8 bits)   Security level (1-3), for which the root certificate should be stored.
Length of Cert  Integer (16 bits)  Length of Cert in bytes
Cert            Raw data           X.509 root certificate encoded in ASN.1 DER format.
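
A host-side pre-flight check for the three parameters above, as an added example that is not part of the original documentation or the vendor's code: it rejects a Cert whose outer DER length does not match the buffer before packing SecLevel, Length of Cert and Cert. Assumptions: the 16-bit length is sent big-endian and the fields follow each other without padding (the page does not state either), the function and constant names are hypothetical, and the command code and transport framing are left out.

```python
import struct

TIMEOUT_S = 15  # from the page: the ECC operations may take up to 15 seconds


def der_total_length(buf: bytes) -> int:
    """Total size (header + content) declared by the outer DER SEQUENCE."""
    if len(buf) < 2 or buf[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = buf[1]
    if first < 0x80:                       # short form: length fits one octet
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 2 or len(buf) < 2 + n:
        raise ValueError("indefinite, oversized or truncated length field")
    length = int.from_bytes(buf[2:2 + n], "big")
    if length < 0x80 or (n == 2 and length < 0x100):
        raise ValueError("non-minimal length encoding is not valid DER")
    return 2 + n + length


def build_store_root_cert_params(sec_level: int, cert: bytes) -> bytes:
    """Pack SecLevel (8 bits), Length of Cert (16 bits) and Cert."""
    if sec_level not in (1, 2, 3):
        raise ValueError("SecLevel must be 1-3")
    if der_total_length(cert) != len(cert):
        raise ValueError("certificate is truncated or has trailing bytes")
    if len(cert) > 0xFFFF:
        raise ValueError("certificate does not fit the 16-bit length field")
    # Assumption: big-endian length, no padding between the fields.
    return struct.pack(">BH", sec_level, len(cert)) + cert


# First four bytes of the sample certificate shown on this page.
SAMPLE_HEADER = bytes.fromhex("3082019D")
# Constructed input: a tiny DER SEQUENCE, not a real certificate.
CONSTRUCTED_DER = bytes.fromhex("3003020101")

if __name__ == "__main__":
    print("sample certificate declares", der_total_length(SAMPLE_HEADER), "bytes")
    print(build_store_root_cert_params(2, CONSTRUCTED_DER).hex())
```

The DER check only confirms that the buffer is one complete SEQUENCE; it does not verify that the certificate meets the reader's limitations.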

Returned values (response frame)
