The certificates settings (<certificates> tag) contains the trusted server certificates. This XML tag can be used either
inside the <settings> tag in a general provisioning file (but outside the </phone-settings> tag)
as an individual XML file whose URL is listed inside <setting-files> tag
The tag contains an attribute with the URL of the certificate file to fetch:
<certificate url="http://some.url/certificate.der" /> |
Please note that the download of the certificate is delayed after all provisioning xml files have been loaded and processed. |
A second variant of this tag is supported, where the content of the certificate file is included as a base64 encoded string:
<certificate type="base64">...</certificate> |
The benefit of this variant is, that the certificate is immediately available after processing the line in the provisioning XML. You can get the base64 encoded certificate out of the PEM format, removing the BEGIN / END taglines:
|
<?xml version="1.0" encoding="utf-8" ?> <settings> <phone-settings e="2"> <webserver_cert type="base64"> -----BEGIN CERTIFICATE----- MIICYDCCAgegAwIBAgIUYYCoo7Quk1EAshVNoXeqeIzcWmYwCgYIKoZIzj0EAwIw gZgxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdHZXJtYW55MRAwDgYDVQQHDAdCb2No b2x0MSIwIAYDVQQKDBlHaWdhc4V0IFRlY2hub2xvZ2llcyBHbWJIMSswKQYDVQQL DCJJbnRlcm1lZGlhdGUgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRQwEgYDVQQDDAtH aWdhc2V0Lm5ldDAeFw0yNDEwMjEwNjIwNTNaFw00OTEyMzEwNjIwNTNaMGwxCzAJ BgNVBAYTAkeFMRAwDgYDVQQIDAdHZXJtYW85MRAwDgYDVQQHDAdCb2Nob2x0MSIw IAYDVQQKDBlHaWdhc2V0IFRlY2hub2xvZ2llcyBHbWJIMRUwEwYDVQQDDAwwMDA0 MTNFMjA2NTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAT2FViZBKR1KnLJHJBX bvQ601CsQmxa5zIP7aQDFnIqAVAJVGyUSGITHdVBt6xvYOboEPiMFzG4LOtd9P31 xhGzo1owWDAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUTKLx9RmV 4CzoqutqOpHhE9kFGXEwHwYDVR0jBBgwFoAUfIYKPnpxrF65r1FgtghMX75rJ8kw CgYIKoZIzj0EAwIDRwAwRAIgLbpnJY+yXSj/o+vlpvAWHegWmqTt7YHyBXq+VLvf fG8CIA3tQmFON1/yzW2+GKknHHC1HFNB4GbFyEwrKg1M8Lzy -----END CERTIFICATE----- -----BEGIN EC PRIVATE KEY----- MHcCAQE6IO2+ocyLxuVOw2nfsqLMPCos4tiXSi7M8olMNSk7glHNoAoGCCqGSM49 AwEHoUQDQgAE9hVYmQSydSpyyRyQV270OtNQrEJsWucyD+2kAxZyKgFQCVRslEhi Ex3VQbesc2Dm6BD4jBcxuCzrXfT99cYRsw== -----END EC PRIVATE KEY----- </webserver_cert> </phone-settings> </settings> |
<?xml version="1.0" encoding="utf-8" ?> <certificates> <certificate url="http://192.168.2.1/trusted_cert1.DER" /> <certificate url="http://192.168.2.1/trusted_cert2.DER" /> <certificate type="base64"> [-----BEGIN CERTIFICATE-----] MIIG9zCCBd+gAwIBAgIIUf9BRQhu9JwwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UE BhMCREUxJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxHzAd BgNVBAsTFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxHjAcBgNVBAMTFVRlbGVTZWMg QnVzaW5lc3MgQ0EgMTAeFw0xODA0MTkxMDQ3MTlaFw0yMDA3MTkyMzU5NTlaMIGl MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsG A1UECxMUU0lQLVRydW5rLnRlbGVrb20uZGUxEjAQBgNVBAsTCVNJUC1UcnVuazEY [-----END CERTIFICATE-----] [-----BEGIN CERTIFICATE (private key)-----] MBYGA1UEAxMPdGVsLnQtb25saW5lLmRlMRwwGgYDVQQIExNOb3JkcmhlaW4tV2Vz dGZhbGVuMQ0wCwYDVQQHEwRCb25uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAwl6iq3B9EBJe9z34yCikyfla+ZSKE4gQUpo3hLLz2zXKiQildQc6qB6g MzYvwjVJI64t5S2CbqEybBtrPn0FiziseDRZKnt+bkuIqZNPOYtkE1akGgdjIieV Wjg6oD37+BCCqyq60gq0FbsGgjlwiNb68jL7dUXzRi2lgxtwk86+g/QFg+3rQts/ 3GREGNhwVbu4mUIrnnphaUA8BnUeGi++8j9d21ZF/uW2pIQqVBItYDflBee+qGfk [-----END CERTIFICATE (private key)-----] </certificate> </certificates> |
<?xml version="1.0" encoding="utf-8" ?> <settings> <phone-settings e="2"> [...] </phone-settings> <certificates> <certificate type="base64"> MIIG9zCCBd+gAwIBAgIIUf9BRQhu9JwwDQYJKoZIhvcNAQELBQAwdTELMAkGA1UE BhMCREUxJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxHzAd BgNVBAsTFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxHjAcBgNVBAMTFVRlbGVTZWMg QnVzaW5lc3MgQ0EgMTAeFw0xODA0MTkxMDQ3MTlaFw0yMDA3MTkyMzU5NTlaMIGl MQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEdMBsG A1UECxMUU0lQLVRydW5rLnRlbGVrb20uZGUxEjAQBgNVBAsTCVNJUC1UcnVuazEY [...] [...] MBYGA1UEAxMPdGVsLnQtb25saW5lLmRlMRwwGgYDVQQIExNOb3JkcmhlaW4tV2Vz dGZhbGVuMQ0wCwYDVQQHEwRCb25uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAwl6iq3B9EBJe9z34yCikyfla+ZSKE4gQUpo3hLLz2zXKiQildQc6qB6g MzYvwjVJI64t5S2CbqEybBtrPn0FiziseDRZKnt+bkuIqZNPOYtkE1akGgdjIieV Wjg6oD37+BCCqyq60gq0FbsGgjlwiNb68jL7dUXzRi2lgxtwk86+g/QFg+3rQts/ 3GREGNhwVbu4mUIrnnphaUA8BnUeGi++8j9d21ZF/uW2pIQqVBItYDflBee+qGfk </certificate> </certificates> |