Zymkey can be used as part of the client-side TLS transaction against a server that is configured for mutual authentication.
A CSR can be generated using Zymkey. This CSR can be used to generate a certificate from a preferred Certificate Authority or CA (for example: GoDaddy, Comodo or Verisign) or against your own self-signed root CA.
To generate a CSR with one of Zymkey’s key slots, simply type the following OpenSSL commands on your Raspberry Pi:
The first touch command is needed because, even though we’re using a key slot located in the Zymkey, openssl wants a placeholder file for the key.
After answering the questions (Country Name, State or Province, etc.) you should have your certificate signing request (myClientCert.csr) that you can present to your preferred CA for certificate generation.
Hi,
I have successfully used Zymkey as the client side of mutual TLS authentication when the CSR is created with the zk slot 0. However, if I try the same using e.g. zk slot 1, it fails. The CSR file is created, and a certificate is created by signing with my CA cert, but the TLS authentication fails.
Can you show us what you’ve already tried? What code you are using to create the CSR, and what code you are using to try to access the slot? That will be helpful in us determining what may be going wrong.
I have used the script zymkey-init.sh to initialize a slot and generate the CSR. Once I have the CSR I sign it with my CA, upload the certificate to the server (nRF Cloud), and use the awsiot library to connect to the server, e.g. as shown in zymkey_test.py. It works for zk-slot 0.