Certificate chain
‎2025-03-19 12:57 AM
Hello there,
I am practicing with the STM32H573I-DK demo board, STiROT demo project and the chain of certificate feature.
I have built a chain of certificates as described in https://wiki.stmicroelectronics.cn/stm32mcu/wiki/Security:How_to_start_with_STiRoT_on_STM32H573.
It seems that I cannot execute a regression or other action by supplying the INTERMEDIATE key and certificate. For instance, Full regression works with ROOT or LEAF credentials, but not the INTERMEDIATE.
Am I doing something wrong? Or is it that intermediate certificates are only meant to generate leaf certificates, and cannot be used to re-open a device?
Thanks for your feedback.
Christian
Labels: STM32 Security
Accepted Solutions
‎2025-03-19 1:06 AM
Dear @CRE
You're right, the intermediate certificate's purpose is to delegate the capacity to create leaf certificates.
This one can't be used to re-open or regress a device.
In the MOOC about secure manager we also describe the certificate chain:
https://www.youtube.com/watch?v=BOBXqUg-PQs&list=PLnMKNibPkDnF5QuZDba2fd2mhOBb0huJK&index=7
Best regards,
Frantz
‎2025-03-19 2:28 AM
Thanks Frantz for the clear and fast answer,
I also had this question on the same topic: When you generate a certificate with the Trusted Package Creator, you actually get 2, like something.b64 and something_chain.b64. Cert_intermediate_chain.b64 is used later to generate leaf certificates, and cert_leaf_chain.b64 to re-open a device.
But what is the purpose of the other certificates, without "chain" in their names?
Best regards,
Christian
‎2025-03-19 2:33 AM
@CRE,
"what is the purpose of the other certificates": in fact this is somehow an intermediate file, but one that can't be used to reopen the device, as the "chain" is composed of all the needed certificates.
Best regards,
Frantz
