We are using self-signed certificates for code signing our OTA devices. This certificate has expired and we want to update all our devices with the new certificates.
This certificate is hardcoded in the OTA devices, which is not allowing us to update it in any other way.
Your help in this matter will be highly appreciated.
I do not think that the device will allow you to use an expired certificate to update itself. The libraries are designed as such keeping security in mind. I think you might need to update it manually. That being said, I am talking to experts in our team and will get back to you with a definitive answer.
We would like to see the OTA PAL implementation that you are using. That is because most PALs ignore the certificate part and only verify the public key contained in the cert.
If that is the case, then probably you can use the same key to generate a new cert which would work.
Let us know if that helps or you need any more clarification.
Thanks, Aniruddha, for your excellent suggestion. We’ve generated a new certificate using the existing key and successfully imported it into AWS ACM. Following the build creation with this certificate, everything appears to be functioning smoothly.
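The approach suggested above, as an added example that is not part of the original thread: reissue the self-signed certificate from the existing private key, then confirm that the public key inside the new certificate matches the old one before building with it. It assumes the OTA PAL compares only the public key, as the reply describes; the P-256 key, the file names and the subject `/CN=ota-signer.example` are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): reissue a self-signed code-signing
# certificate from the EXISTING private key and confirm that the public key,
# which is what a key-only OTA PAL checks, is unchanged.
set -eu

# Print the SHA-256 of the DER SubjectPublicKeyInfo carried by a certificate.
spki_fingerprint() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -r | cut -d' ' -f1
}

# renew_cert KEY SUBJECT DAYS OUT: write a new self-signed cert signed with KEY.
renew_cert() {
    openssl req -new -x509 -key "$1" -subj "$2" -days "$3" -sha256 -out "$4"
}

# Succeeds only if both certificates carry the same public key.
same_signing_key() {
    [ "$(spki_fingerprint "$1")" = "$(spki_fingerprint "$2")" ]
}

# Demo on constructed material: a throwaway P-256 key and a placeholder subject.
demo() {
    d=$(mktemp -d)
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/signer.key" 2>/dev/null
    # old.crt stands in for the certificate already baked into the devices.
    renew_cert "$d/signer.key" "/CN=ota-signer.example" 1 "$d/old.crt"
    # new.crt is the reissued certificate: same key, fresh validity period.
    renew_cert "$d/signer.key" "/CN=ota-signer.example" 365 "$d/new.crt"
    if same_signing_key "$d/old.crt" "$d/new.crt"; then
        echo "public key unchanged: $(spki_fingerprint "$d/new.crt")"
    else
        echo "public key differs: devices pinning the old key will reject images"
    fi
    openssl x509 -in "$d/new.crt" -noout -enddate
    rm -rf "$d"
}
demo
```

If the fingerprints differ, or if the PAL also validates the certificate's dates or compares the whole certificate, the reissued certificate will not be accepted by devices in the field.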