Recommendations
SiWN917 supports only .pem format certificates. Certificates in other formats (such as .der) must be converted to .pem format before they are loaded into the module. The OpenSSL tool can convert a .der format certificate to .pem with the following command:
openssl x509 -inform der -in <name of der format certificate> -out <name for pem format certificate>
Ex: openssl x509 -inform der -in cert.der -out cert.pem
Load the EAP certificates individually in the order private key, public key, and CA certificate, with certificate types 17, 33, and 49 respectively; the maximum length of each individual certificate is 4088 bytes. Alternatively, aggregate the certificates into one file in the fixed order private key, public key, intermediate CA/dummy certificate, and CA certificate, and load that file with certificate type 1.
The maximum size for a CA certificate is 12280 bytes. The maximum size for each of the other certificate types, such as the client certificate and the private key, is 4088 bytes.
The total maximum size for a single certificate set of one CA certificate, one client certificate and one private key is 12280 bytes + 4088 bytes + 4088 bytes = 20456 bytes.
The TLS versions supported with WPA2 Enterprise security are TLS v1.0 and TLS v1.2. The selection between TLS v1.0 and v1.2 must be configured at the server end.
Whenever there is an EAP failure, check the validity of the loaded certificates by decoding them at CertLogik.
If a close notify alert is observed during the handshake, check whether the certificate loaded into the module ends with a proper "\n", which indicates the end of the certificate.
Make sure the loaded certificate contains no spaces.
To use a certificate size of more than 2048 bytes, enable the following in the extended custom feature bitmap:
BIT(1) - SL_SI91X_EXT_FEAT_RSA_KEY_WITH_4096_SUPPORT
BIT(3) - SL_SI91X_EXT_FEAT_SSL_CERT_WITH_4096_KEY_SUPPORT
To enable parameters in the extended custom feature bitmap, first enable the following in the custom feature bitmap:
BIT(31) - SL_SI91X_CUSTOM_FEAT_EXTENTION_VALID
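A host-side check that can be run on each certificate file before loading it, covering the size limits, the PEM requirement and the trailing "\n" rule above. This is an added example, not Silicon Labs SDK code. The type codes 17/33/49 and the 4088/12280-byte limits come from this page. The function names, the use of file length as the measured size, the reading of "no spaces" as no blanks inside the base64 body, and the sample blobs are assumptions made for illustration.

```python
import base64
import re

# Certificate type codes and per-file size limits as stated on this page.
CERT_TYPES = {17: ("private key", 4088), 33: ("public key", 4088),
              49: ("CA certificate", 12280)}

PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def check_pem(data: bytes, cert_type: int) -> list[str]:
    """Return the problems found; an empty list means the file looks loadable."""
    name, limit = CERT_TYPES[cert_type]
    problems = []
    if len(data) > limit:  # assumption: the limit applies to the file length
        problems.append(f"{name}: {len(data)} bytes exceeds {limit}-byte limit")
    if not data.endswith(b"\n"):
        problems.append(f"{name}: missing final newline after END line")
    match = PEM_RE.search(data)
    if match is None:
        problems.append(f"{name}: no PEM BEGIN/END block (DER input?)")
        return problems
    body = match.group(2)
    # Assumed reading of "no spaces": no blanks or tabs in the base64 body.
    if re.search(rb"[ \t]", body):
        problems.append(f"{name}: whitespace inside base64 body")
    try:
        base64.b64decode(re.sub(rb"\s", b"", body), validate=True)
    except ValueError:
        problems.append(f"{name}: body is not valid base64")
    return problems


def make_sample(label: str, payload_len: int) -> bytes:
    """Constructed PEM-shaped blob for the demo; not a real certificate."""
    body = base64.encodebytes(bytes(i % 251 for i in range(payload_len)))
    tag = label.encode()
    return b"-----BEGIN %b-----\n" % tag + body + b"-----END %b-----\n" % tag


if __name__ == "__main__":
    sample = make_sample("CERTIFICATE", 3000)
    for cert_type in (33, 49):
        print(cert_type, check_pem(sample, cert_type) or "OK")
```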