What root certificate must be installed to verify acs.cdroutertest.com.pem?
When HTTPS is used as the transport for TR-069 CWMP sessions, CDRouter’s ACS and Download Server use certificates issued by Sectigo (formerly Comodo) by default. These certificates require other certificates from Comodo’s Certificate Authority (CA) entities in order for the DUT to validate them when setting up an SSL/TLS connection.
Typically, the Sectigo/Comodo Root CA certificate is already pre-installed in the DUT’s list of trusted certificates. In some cases, however, the Root CA certificate must be manually imported.
All of CDRouter’s certificate files can be found in the
/usr/cdrouter/tests directory of your CDRouter system:
-
The
acs.cdroutertest.com.pemfile contains the ACS server certificate (and private key). -
The
acs-download.cdroutertest.com.pemfile contains the download server certificate (and private key). This is used for executing SSL file transfers related to Download/Upload RPC methods -
The
acs.cdroutertest.com-ca.pemfile contains Sectigo/Comodo’s intermediate CA. -
The
acs.cdroutertest.com-rootca.pemfile contains Sectigo/Comodo’s root CA.
You can also download the most recent versions of these files from the article below - Current ACS Certificates.
Most devices allow certificates to be imported through the management interface or by following specific instructions from the manufacturer. Check the device documentation for the requirements and procedure pertaining to your device.
Note: In some cases, the certificate data may need to be converted from PEM (plain text) to DER (binary) format. (See: “Converting from PEM to DER format” for more details)
