TLS Certificate Management

The certs module manages TLS certificates used for establishing TLS connections (e.g., for https or mqtts). In addition to the certificates that can be stored here, all firmwares have the Mozilla NSS project certificate bundle embedded. This bundle includes root certificates that allow connections to most publicly accessible servers.

warp1

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.

warp2

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. warp2-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp2/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp2-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp2-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp2-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.

warp3

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. warp3-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp3/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp3-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp3/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp3-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp3/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp3-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp3/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.

wem

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. wem-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.

wem2

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. wem2-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem2/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem2-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem2-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. wem2-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. wem2/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.

any

certs/state

The current state of TLS certificate management.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Read

curl http://$HOST/certs/state

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Read

mosquitto_sub -v -C 1 -h $BROKER -t $PREFIX/certs/state

{ "certs": [{ "id": 1, "name": "ISRG Root X1" }] }

Name	Description
certs object[8]	Known TLS certificates. [0..7] - A TLS certificate Name Description id int ID of the certificate name string Display name of the certificate

certs/add

Adds a new TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/add -d '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/add -m '{
  "id": 0,
  "name": "ISRG Root X1",
  "cert": "-----BEGIN CERTIFICATE-----\nMIIFYDCC[__Zertifikatspayload gekürzt__]psr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
}'

Name	Description
id int	ID of the certificate to be added. Must not already be used by a certificate.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/modify

Modifies an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/modify -d '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/modify -m '{ "id": 0, "name": "ISRG Root X1 (Lets Encrypt)", "cert": null }'

Name	Description
id int	ID of the certificate to be modified.
name string	Display name of the certificate.
cert string	Certificate in PEM format

certs/remove

Deletes an existing TLS certificate.

http

mqtt

Triggers a one-time action. Messages retained via the broker are ignored.

Example

HTTP (curl)

# $HOST e.g. warp-AbCd

Write

curl http://$HOST/certs/remove -d '{ "id": 0 }'

or abbreviated:

curl http://$HOST/certs/remove -d '0'

MQTT (mosquitto)

# $BROKER e.g. my_mosquitto.localdomain
# $PREFIX e.g. warp/AbCd

Write

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '{ "id": 0 }'

or abbreviated:

mosquitto_pub -h $BROKER -t $PREFIX/certs/remove -m '0'

Name	Description
id int	ID of the certificate to be deleted.