14.4. Working with TLS certificates

The ssl module on the OpenMV Cam (built on mbedTLS) lets a script make encrypted, authenticated network connections. To do anything beyond plain encryption you need certificates. The pages in this section cover what they are, which key types and file formats the camera accepts, how to create self-signed certificates for development and obtain CA-signed ones for production, how to get them onto the camera and verify a remote server, how to protect the private key, and how certificate expiry and rotation affect a deployed device.

• 14.4.1. Concepts: trust, keys, and file format
• 14.4.2. Prerequisites: OpenSSL and the clock
• 14.4.3. Self-signed certificates
• 14.4.4. CA-signed (publicly trusted) certificates
• 14.4.5. Verifying a public server (camera as client)
• 14.4.6. Operations: keys, expiry, and troubleshooting