Can I just renew CA certificate without implication for the ESP device?

RichPiano
Posts: 123
Joined: Mon May 18, 2020 2:51 pm

Can I just renew CA certificate without implication for the ESP device?

Postby RichPiano » Wed Aug 18, 2021 8:03 am

I found out that mbedTLS doesn't check the expiry date of a certificate by default.

Does that mean that I can (provided I use the same private key to create the certificate) create a new self signed CA certificate (which my update server depends on) on the server side and not have to change anything on the esp (client side)?

My gut feeling says that when the public key in the new and old CA certificate stays the same, the ESP should be able to validate the webservers certificate also with an "outdated" CA certificate in store. Is this correct?

Who is online

Users browsing this forum: No registered users and 88 guests