Search Results

Where can I find the most up to date SSL certificates for the USP MTP layer?

The CDRouter USP (TR-369) expansion includes a “server” certificate file which can be used for SSL/TLS testing. The certificate is distributed in .pem format and is located in the /usr/cdrouter/tests directory on the CDRouter host system.

Sectigo/Comodo Signed Server Certificates

The current USP “server” certificate may be used for both the MTP (Message Transport Protocol) layer and the USP record layer.

For the MTP layer, it will be used for which ever method is configured: WebSockets, STOMP, or MQTT.

Sectigo Root CA

The “server” certificate is signed by a Sectigo (formerly Comodo) Root CA. Your USP agent should hopefully have this Root CA already installed in its certificate store, but if it does not, we have also included it on your CDRouter system. You would need to manually copy it to the device where your TR-369 (USP) agent is located.

For more information on the Sectigo Chain Hierarchy and Intermediate Roots, please see this page.

Current USP “server” certificates

The USP server certificate in earlier versions of CDRouter are now expired. If you do not upgrade to CDRouter 13.11, you will need to download these certificates below to have SSL work as expected with your TR-369 test cases.

The most up to date certificates for both the MTP and USP layers, in CDRouter’s USP expansion, can be found in the following table (these certificates are included with CDRouter 13.11). This certificate chain uses ECC encryption:

Certificate Type Signature Algorithm File Expiration Date
USP “server” certificate ecdsa (SHA256) February 17, 2024
Intermediate CAs (2) ecdsa (SHA384) December 31, 2030
Root CA rsa (SHA1) December 31, 2028