Where can I find the most up to date SSL certificates for the USP MTP layer?
The CDRouter USP (TR-369) expansion includes a “server” certificate file which
can be used for SSL/TLS testing. The certificate is distributed in .pem
format and is located in the /usr/cdrouter/tests directory on the CDRouter
host system.
Sectigo/Comodo Signed Server Certificates
The current USP “server” certificate may be used for both the MTP (Message Transport Protocol) layer and the USP record layer.
For the MTP layer, it will be used for which ever method is configured: WebSockets, STOMP, or MQTT.
Sectigo Root CA
The “server” certificate is signed by a Sectigo (formerly Comodo) Root CA. Your USP agent should hopefully have this Root CA already installed in its certificate store, but if it does not, we have also included it on your CDRouter system. You would need to manually copy it to the device where your TR-369 (USP) agent is located.
For more information on the Sectigo Chain Hierarchy and Intermediate Roots, please see this page.
Current USP “server” certificates
The USP server certificate in earlier versions of CDRouter are now expired. If you do not upgrade to CDRouter 13.11, you will need to download these certificates below to have SSL work as expected with your TR-369 test cases.
The most up to date certificates for both the MTP and USP layers, in CDRouter’s USP expansion, can be found in the following table (these certificates are included with CDRouter 13.11). This certificate chain uses ECC encryption:
| Certificate Type | Signature Algorithm | File | Expiration Date |
|---|---|---|---|
| USP “server” certificate | ecdsa (SHA256) | wildcard.cdroutertest.com.pem | February 17, 2024 |
| Intermediate CAs (2) | ecdsa (SHA384) | wildcard.cdroutertest.com-ca.pem | December 31, 2030 |
| Root CA | rsa (SHA1) | wildcard.cdroutertest.com-rootca.pem | December 31, 2028 |
