The certificates settings (<certificates> tag) contains the trusted server certificates. This XML tag can be used either

  • inside the <settings> tag in a general provisioning file (but outside the </phone-settings> tag)

  • as an individual XML file whose URL is listed inside <setting-files> tag

The tag contains an attribute with the URL of the certificate file to fetch:

<certificate url="http://some.url/certificate.der" />

Note:

Please note that the download of the certificate is delayed after all provisioning xml files have been loaded and processed.

A second variant of this tag is supported, where the content of the certificate file is included as a base64 encoded string:


<certificate type="base64">...</certificate>

Note:

The benefit of this variant is, that the certificate is immediately available after processing the line in the provisioning XML. You can get the base64 encoded certificate out of the PEM format, removing the BEGIN / END taglines:

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

Examples:

Upload provisioning client certificate as an individual XML file whose URL is listed inside <setting-files> tag
<?xml version="1.0" encoding="utf-8" ?>
<settings>
<phone-settings e="2">
  <webserver_cert type="base64">
-----BEGIN CERTIFICATE-----
MIICYDCCAgegAwIBAgIUYYCoo7Quk1EAshVNoXeqeIzcWmYwCgYIKoZIzj0EAwIw
gZgxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdHZXJtYW55MRAwDgYDVQQHDAdCb2No
b2x0MSIwIAYDVQQKDBlHaWdhc4V0IFRlY2hub2xvZ2llcyBHbWJIMSswKQYDVQQL
DCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRQwEgYDVQQDDAtH
aWdhc2V0Lm5ldDAeFw0yNDEwMjEwNjIwNTNaFw00OTEyMzEwNjIwNTNaMGwxCzAJ
BgNVBAYTAkeFMRAwDgYDVQQIDAdHZXJtYW85MRAwDgYDVQQHDAdCb2Nob2x0MSIw
IAYDVQQKDBlHaWdhc2V0IFRlY2hub2xvZ2llcyBHbWJIMRUwEwYDVQQDDAwwMDA0
MTNFMjA2NTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT2FViZBKR1KnLJHJBX
bvQ601CsQmxa5zIP7aQDFnIqAVAJVGyUSGITHdVBt6xvYOboEPiMFzG4LOtd9P31
xhGzo1owWDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUTKLx9RmV
4CzoqutqOpHhE9kFGXEwHwYDVR0jBBgwFoAUfIYKPnpxrF65r1FgtghMX75rJ8kw
CgYIKoZIzj0EAwIDRwAwRAIgLbpnJY+yXSj/o+vlpvAWHegWmqTt7YHyBXq+VLvf
fG8CIA3tQmFON1/yzW2+GKknHHC1HFNB4GbFyEwrKg1M8Lzy
-----END CERTIFICATE-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQE6IO2+ocyLxuVOw2nfsqLMPCos4tiXSi7M8olMNSk7glHNoAoGCCqGSM49
AwEHoUQDQgAE9hVYmQSydSpyyRyQV270OtNQrEJsWucyD+2kAxZyKgFQCVRslEhi
Ex3VQbesc2Dm6BD4jBcxuCzrXfT99cYRsw==
-----END EC PRIVATE KEY-----
</webserver_cert>
</phone-settings>
</settings>




<?xml version="1.0" encoding="utf-8" ?>
 <certificates>
  <certificate url="http://192.168.2.1/trusted_cert1.DER" />
  <certificate url="http://192.168.2.1/trusted_cert2.DER" />
  <certificate type="base64">
[-----BEGIN CERTIFICATE-----]
MIIG9zCCBd+gAwIBAgIIUf9BRQhu9JwwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UE
BhMCREUxJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxHzAd
BgNVBAsTFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxHjAcBgNVBAMTFVRlbGVTZWMg
QnVzaW5lc3MgQ0EgMTAeFw0xODA0MTkxMDQ3MTlaFw0yMDA3MTkyMzU5NTlaMIGl
MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsG
A1UECxMUU0lQLVRydW5rLnRlbGVrb20uZGUxEjAQBgNVBAsTCVNJUC1UcnVuazEY
[-----END CERTIFICATE-----]
[-----BEGIN CERTIFICATE (private key)-----]
MBYGA1UEAxMPdGVsLnQtb25saW5lLmRlMRwwGgYDVQQIExNOb3JkcmhlaW4tV2Vz
dGZhbGVuMQ0wCwYDVQQHEwRCb25uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwl6iq3B9EBJe9z34yCikyfla+ZSKE4gQUpo3hLLz2zXKiQildQc6qB6g
MzYvwjVJI64t5S2CbqEybBtrPn0FiziseDRZKnt+bkuIqZNPOYtkE1akGgdjIieV
Wjg6oD37+BCCqyq60gq0FbsGgjlwiNb68jL7dUXzRi2lgxtwk86+g/QFg+3rQts/
3GREGNhwVbu4mUIrnnphaUA8BnUeGi++8j9d21ZF/uW2pIQqVBItYDflBee+qGfk
[-----END CERTIFICATE (private key)-----]
  </certificate>
 </certificates>




<?xml version="1.0" encoding="utf-8" ?>
<settings>
<phone-settings e="2">
  [...]
</phone-settings>
<certificates>
   <certificate type="base64">
 MIIG9zCCBd+gAwIBAgIIUf9BRQhu9JwwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UE
 BhMCREUxJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxHzAd
 BgNVBAsTFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxHjAcBgNVBAMTFVRlbGVTZWMg
 QnVzaW5lc3MgQ0EgMTAeFw0xODA0MTkxMDQ3MTlaFw0yMDA3MTkyMzU5NTlaMIGl
 MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsG
 A1UECxMUU0lQLVRydW5rLnRlbGVrb20uZGUxEjAQBgNVBAsTCVNJUC1UcnVuazEY
 [...]
 [...]
 MBYGA1UEAxMPdGVsLnQtb25saW5lLmRlMRwwGgYDVQQIExNOb3JkcmhlaW4tV2Vz
 dGZhbGVuMQ0wCwYDVQQHEwRCb25uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
 CgKCAQEAwl6iq3B9EBJe9z34yCikyfla+ZSKE4gQUpo3hLLz2zXKiQildQc6qB6g
 MzYvwjVJI64t5S2CbqEybBtrPn0FiziseDRZKnt+bkuIqZNPOYtkE1akGgdjIieV
 Wjg6oD37+BCCqyq60gq0FbsGgjlwiNb68jL7dUXzRi2lgxtwk86+g/QFg+3rQts/
 3GREGNhwVbu4mUIrnnphaUA8BnUeGi++8j9d21ZF/uW2pIQqVBItYDflBee+qGfk
   </certificate>
</certificates>