Where can I find the most up to date SSL certificates for the USP MTP layer?
The CDRouter USP (TR-369) expansion includes a “server” certificate file which
can be used for SSL/TLS testing. The certificate is distributed in .pem
format and is located in the /usr/cdrouter/tests directory on the CDRouter
host system.
Sectigo/Comodo Signed Server Certificates
The current USP “server” certificate may be used for both the MTP (Message Transport Protocol) layer and the USP record layer.
For the MTP layer, it will be used for which ever method is configured: WebSockets, STOMP, or MQTT.
Sectigo Root CA
The “server” certificate is signed by a Sectigo (formerly Comodo) Root CA. Your USP agent should hopefully have this Root CA already installed in its certificate store, but if it does not, we have also included it on your CDRouter system. You would need to manually copy it to the device where your TR-369 (USP) agent is located.
For more information on the Sectigo Chain Hierarchy and Intermediate Roots, please see this page.
Current USP controller certificates
The USP controller certificate used in CDRouter is valid for one year and expires every year in January or early February.
Updated controller certificates will be included in new versions of CDRouter
when available. If you are using an older version of CDRouter with expired
certificates, you may download the current valid certificates below and copy
them to the /usr/cdrouter/tests directory on your CDRouter system.
| Certificate Type | Signature Algorithm | File | Expiration Date |
|---|---|---|---|
| USP “server” certificate | ecdsa (SHA256) | wildcard.cdroutertest.com.pem | January 17, 2025 |
| Intermediate CAs (2) | ecdsa (SHA384) | wildcard.cdroutertest.com-ca.pem | December 31, 2030 |
| Root CA | rsa (SHA1) | wildcard.cdroutertest.com-rootca.pem | December 31, 2028 |
Note: This certificate chain uses ECC encryption.
