Difference between Self-Signed CSR and Digicert CSR?

I do not understand how CSRs work. Will a self-signed CSR function on a public AWS EC2 instance?

If I need to use a certificate-issuing authority, I'll probably use Let's Encrypt as it is a free Certificate Authority.  I'm planning to use this for TLS for SECT on AWS unless anyone forsees any problem with it.

  • Hi codetricity,

    I'm not really familiar with this but as far as I know, Certificate Signing Requests or CSRs are used to order SSL certificate. Digicert is one of the recommended certificate provider. About self-signed CSR, it was just recommended for testing purposes and I believe there are limitations or disadvantages when using self-signed CSR. You can refer in this link:

    www.sslsupportdesk.com/.../
    www.digicert.com/csr-creation.htm

    JB
    RenesasRulz Forum Moderator
  • In reply to JB:

    JB, thanks for your help. I progressed a bit more.  Right now, I'm using a self-signed CSR. When I go to my SECT Dashboard on AWS, I get the response below.

    If I click on ADVANCED, I then get the option to go to my test server.

    At this point, I can access my SECT Dashboard on AWS.

     

    I can also log in.

     

    At this point, I'm still trying to figure out how to point my S5D9 to my new SECT dashboard server.

    This code in HTTPClientSample.h looks promising

    /* Staging server */
    #ifdef STAGING_SERVER
    #define BOOT_URI "sect.k2-inc.com/.../bootstrap"
    #define BOOT_CONFIRM_URI "sect.k2-inc.com/.../confirm"
    #else
    #define BOOT_URI "cloud.renesassynergy.com/.../bootstrap"
    #define BOOT_CONFIRM_URI "cloud.renesassynergy.com/.../confirm"
    #endif

     

    Is anyone using the AE-CLOUD1 kit with their own deployment of the SECT Dashboard? If so, can you give me some hints how I can configure the S5D9 to go to the new server.

     

  • In reply to codetricity:

    There are three changes needed to use your own server with a self-signed cert:

    1. Add a -DSTAGING_SERVER to the e2Studio project config under pre-processor defines for the C/C++ compiler.
    2. Change the staging server URL in the HTTPClientSample.c file as you have identified above.
    3. You then need to replace certificate in the https_ca_cert_der[] array defined in in src/certificates/staging_server.h with your own self-signed certificate used by your server.

    This should get the device to trust the self-signed certificate and connect to your dashboard.

    Alternatively, if you use a cert signed by Lets Encrypt, then the project already has the root CA defined and all you need to do is step #1 and step #2.

    Hope this helps.

    -Ranjit