Torizon O.S. SSL certificates

Hi,

A short question regarding the certificate management.
Does Torizon O.S. manage SSL certificate updates itself, or does this require a user action (e.g., a Torizon Cloud O.S. update)?
I am talking about the O.S. certificates present in the /etc/ssl/certs folder, so not the application-specific certificates (if any) but the generic ones.
E.g. if one of the Root certificates of Google Trust Services expires (“GTS_Root_R1.pem” currently valid until 2036), will this be automatically updated or does this require a Torizon update?

Kind regards,

Richard

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!


Hello Richard,

Thank you for your question regarding SSL certificate management on Torizon OS. Torizon OS does not automatically update the SSL certificates located in the /etc/ssl/certs directory. These certificates are part of the system’s trust store, and updates typically occur through system updates or package management.

In the case of Torizon, updating these certificates would generally require a Torizon OS update. This means that if a root certificate, such as “GTS_Root_R1.pem,” expires or needs updating, it would necessitate a Torizon OS update to refresh the certificate store. This process is not automatic and would require user action to initiate the update through Torizon’s update mechanisms.

I hope this clarifies your query. If you have any more questions, feel free to ask.

Best regards,
Toradex AI Assistant.

Please, also check if these links can help you solve your problem:

TCB, private registry and certificates problem.

Greetings @RiBe_Act,

As the Toradex AI has suggested, you will need some mechanism to update the certs on your devices. On most Linux distributions like Ubuntu or Debian, the package manager would usually keep the packages updated, including the SSL certs. However, Torizon OS does not have a package manager, which is why some other mechanism is needed to keep things updated.

Of course with Torizon OS the included update stack is present for such a purpose.

Best Regards,
Jeremias

Hi Jeremias,

Thank you for the reply. So if I understand you correctly, I would need to manually update those files when needed (or implement something to do this for me) or push a Torizon O.S. update which will contain the latest version of those files, correct?

Kind regards
Richard

You are correct. If you were to just leave the device running in the field, there is no automatic mechanism that would update these things for you.

If you expect your devices to be deployed for very long periods of time, then this is something you would need to consider. Especially if you want these devices to be regularly kept up-to-date. This includes other things like security fixes and such, not just the SSL certs.

Best Regards,
Jeremias
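
Since nothing on the device refreshes /etc/ssl/certs by itself, a periodic check can flag certificates that are nearing expiry so an OS update can be scheduled in time. The script below is an added example, not part of the original thread or any Toradex code; it assumes Python 3 is available (for instance in a container with the host's /etc/ssl/certs mounted read-only) and that the store holds individual `*.pem` files, and the function names and 365-day threshold are illustrative.

```python
"""Report CA certificates in a trust-store directory that expire soon."""
import ssl
import sys
import time
from pathlib import Path

SECONDS_PER_DAY = 86400

def days_left(not_after, now):
    """Whole days from `now` (epoch seconds) to an OpenSSL notAfter string."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // SECONDS_PER_DAY)

def common_name(cert):
    """Subject CN of a decoded cert, or its first subject attribute."""
    attrs = [pair for rdn in cert.get("subject", ()) for pair in rdn]
    return dict(attrs).get("commonName") or (attrs[0][1] if attrs else "?")

def load_ca_certs(pem_path):
    """Decode the CA certificates in one PEM file; [] if it cannot be parsed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=str(pem_path))
    except (ssl.SSLError, OSError):
        return []
    return ctx.get_ca_certs()

def select_expiring(entries, warn_days, now):
    """entries: (file name, decoded cert) pairs. Soonest expiry first."""
    found = [(days_left(c["notAfter"], now), name, common_name(c))
             for name, c in entries]
    return sorted(f for f in found if f[0] <= warn_days)

def scan(cert_dir="/etc/ssl/certs", warn_days=365, now=None):
    """Check every *.pem in cert_dir; negative day counts mean already expired."""
    now = time.time() if now is None else now
    entries = [(p.name, c)
               for p in sorted(Path(cert_dir).glob("*.pem"))
               for c in load_ca_certs(p)]
    return select_expiring(entries, warn_days, now)

if __name__ == "__main__":
    hits = scan(*sys.argv[1:2])  # optional argument: directory to scan
    for days, name, cn in hits:
        state = "EXPIRED" if days < 0 else f"{days} days left"
        print(f"{name}: {cn}: {state}")
    sys.exit(1 if hits else 0)  # non-zero exit lets a timer or CI job alert
```

The non-zero exit status makes it easy to run from a scheduled job and raise an alert before a root certificate on deployed devices lapses.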