URGENT: X-CUBE-GCP The certificate is not correctly signed by the trusted CA issue
‎2021-01-18 6:00 AM
Hi, before posting this question, I did enough testing and understand the concept of the certificate verification process. I have been stuck on this issue for the last week and couldn't understand the associated root cause.
Please help me resolve this issue. Requesting some ST core engineer to look into it.
Accepted Solutions
‎2021-01-21 12:02 AM
As per the official documentation, the sample application requires concatenation of 2 CA certificates. However, only one file location is mentioned, which is “Set the TLS root CA certificates: Copy-paste the content of Middlewares\Third_Party\GCP\samples\STM32Cube\globalsign_usertrust.pem. The device uses it to authenticate the remote hosts through TLS.”
- For the HTTPS server, which is used to retrieve the current time and date at boot time (the “Usertrust” certificate). This is located as mentioned above in the documentation.
- For GCP, in order to authenticate the Cloud server. Depending on the server, the globalsign_usertrust.pem may need to be updated based on Google Cloud™ list of supported CAs from pki.google.com/roots.pem. For the sample program, it is located at Middlewares/Third_Party/GCP/res/trusted_RootCA_certs/roots.pem
I found that checking the information and expiration date of these certificates is helpful. It is important to know the details of the certificates in case globalsign_usertrust needs to be changed:
$ openssl crl2pkcs7 -nocrl -certfile roots.pem | openssl pkcs7 -print_certs -noout
subject=C = US, O = Google Trust Services LLC, CN = GTS LTSR
issuer=C = US, O = Google Trust Services LLC, CN = GTS LTSR
subject=OU = GlobalSign ECC Root CA — R4, O = GlobalSign, CN = GlobalSign
issuer=OU = GlobalSign ECC Root CA — R4, O = GlobalSign, CN = GlobalSign
I copy-pasted the certificates one after the other and it worked.
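An added example, not part of the original post or of the ST package: a POSIX shell script that splits a concatenated PEM bundle such as roots.pem and prints each certificate's subject, issuer, notAfter date and whether it has already expired. It assumes the openssl command-line tool is installed; the demo bundle is constructed from throwaway self-signed certificates with hypothetical names.

```shell
#!/bin/sh
# Added example: list every certificate in a concatenated PEM bundle.
# Output per certificate: index|subject|issuer|notAfter|valid-or-EXPIRED

list_bundle() {
    tmp=$(mktemp -d) || return 1
    # Split the bundle: each BEGIN line opens a new numbered file.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%03d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { if (out != "") close(out); out = "" }
    ' "$1"
    i=0
    for f in "$tmp"/cert*.pem; do
        [ -e "$f" ] || break
        i=$((i + 1))
        subject=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        issuer=$(openssl x509 -in "$f" -noout -issuer | sed 's/^issuer= *//')
        enddate=$(openssl x509 -in "$f" -noout -enddate | sed 's/^notAfter=//')
        # -checkend 0 exits non-zero if the certificate has already expired.
        if openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
            state=valid
        else
            state=EXPIRED
        fi
        printf '%s|%s|%s|%s|%s\n' "$i" "$subject" "$issuer" "$enddate" "$state"
    done
    rm -rf "$tmp"
}

# Constructed sample input: two throwaway self-signed certificates
# (hypothetical names), appended one after the other to the file in $1.
make_demo_bundle() {
    d=$(mktemp -d) || return 1
    for cn in "Demo Time Server Root" "Demo Cloud Root"; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/O=Example/CN=$cn" \
            -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null || return 1
        cat "$d/cert.pem" >> "$1"
    done
    rm -rf "$d"
}

# Usage: sh list_bundle.sh roots.pem  (no argument: run on the demo bundle)
if [ -f "${1:-}" ]; then
    list_bundle "$1"
else
    demo=$(mktemp) && make_demo_bundle "$demo" && list_bundle "$demo"
    rm -f "$demo"
fi
```

Running it on the bundle that is pasted into the device shows at a glance whether both root CAs are present and which of them is close to its notAfter date.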
