CDRouter Support

Where can I find the most up to date SSL certificates for the USP MTP layer?

knowledge-base version 13.3

The CDRouter USP (TR-369) expansion includes a “server” certificate file which can be used for SSL/TLS testing. The certificate is distributed in .pem format and is located in the /usr/cdrouter/tests directory on the CDRouter host system.

Sectigo/Comodo Signed Server Certificates

The current USP “server” certificate may be used for both the MTP (Message Transport Protocol) layer and the USP record layer.

For the MTP layer, it will be used for which ever method is confgured: Web Sockets, CoAP, STOMP, or MQTT.

Sectigo Root CA

The “server” certificate is signed by a Sectigo (formerly Comodo) Root CA. Your USP agent should hopefully have this Root CA already installed in its certificate store, but if it does not, we have also included it on your CDRouter system. You would need to manually copy it to the device where your TR-369 (USP) agent is located.

For more information on the Sectigo Chain Hierarchy and Intermediate Roots, please see this page.

Current USP “server” certificates

The USP server certificate in earlier versions of CDRouter are now expired. If you do not upgrade to CDRouter 12.24, you will need to download these certificates below to have SSL work as expected with your TR-369 test cases.

The most up to date certificates for both the MTP and USP layers, in CDRouter’s USP expansion, can be found in the following table (these certificates are included with CDRouter 12.24). This certificate chain uses ECC encryption:

Certificate Type Signature Algorithm File Expiration Date
USP “server” certificate ecdsa (SHA256) March 6, 2023
Intermediate CAs (2) ecdsa (SHA384) December 31, 2030
Root CA rsa (SHA1) December 31, 2028



About CDRouter

QA Cafe CDRouter is a comprehensive and powerful test automation solution focused on feature, security, and performance testing for broadband and enterprise edge gateways, Wi-Fi and mesh systems, and other CPE.

Get in touch via our Contact page or by following us on your favorite service: